Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] PR08-15: Several Webroot Disclosures on Moodle

from [ProCheckUp Research] Network Security [Permanent Link]
Subject: [Full-disclosure] PR08-15: Several Webroot Disclosures on Moodle
Date: Tue, 22 Jul 2008 16:48:39 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PR08-15: Several Webroot Disclosures on Moodle

Vulnerability found: 20/06/2008

Vendor informed: 25/06/2008

Vulnerability fixed: 16/07/2008

Advisory publicly released: 22/07/2008

Severity: Low

Description:

Moodle 1.6.5 is vulnerable to several webroot disclosures. No
authentication is required to obtain the webroot paths.

Proof of concept:

Requested URL:
https://moodle.target.ac.uk/blog/blogpage.php

Response:
Fatal error: Class 'page_base' not found in
/Volumes/<dir_name>/data/moodle/blog/blogpage.php on line 9

Requested URL:
https://moodle.target.ac.uk/course/report/stats/report.php

Response:
Fatal error: Call to undefined function get_courses() in
/Volumes/<dir_name>/data/moodle/course/report/stats/report.php on line 3



Tested environment:

Server: Apache/2.2.2 (Unix) PHP/5.2.1 mod_ssl/2.2.2 OpenSSL/0.9.7l
Moodle 1.6.5 + (2006050550)

Note: Moodle reveals its version within HTML source code. i.e.: <a
title="moodle 1.6.5 + (2006050550)" href="http://moodle.org/";>

Consequences:

Information about the target environment can be extracted.

Fix:

Disable display_errors in PHP configuration; A new warning for
administrators has been added in versions 1.8.6 and 1.9.2.

This issue has been tracked as MDL-15413.

References:

http://moodle.org/mod/forum/discuss.php?d=101403
http://www.procheckup.com/Vulnerabilities.php

Credits: Richard Brain of ProCheckUp Ltd. (www.procheckup.com)

ProCheckUp would like to thank Petr Skoda and the rest of the Moodle
team for their excellent response time and cooperation towards resolving
this matter.

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIhgFXoR/Hvsj3i8sRAiiyAJ0U1ByjcRrL0jtUbi6kGH8ufyFwfgCbBLWb
ddim9D9v6Zfdp1l9bsVtBG0=
=L9ID
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] PR08-15: Several Webroot Disclosures on Moodle, ProCheckUp Research <=
Previous by Date:  [Full-disclosure] PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title, ProCheckUp Research
Next by Date:  [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities, Digital Security Research Group [DSecRG]
Previous by Thread:  [Full-disclosure] PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title, ProCheckUp Research
Next by Thread:  [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities, Digital Security Research Group [DSecRG]
Indexes:  [Date] [Thread] [Top] [All Lists]