Connect with us

Hi, what are you looking for?

Cyber Security

SQL injection vulnerability in e-learning platform Moodle could enable database takeover

A security vulnerability in e-learning platform Moodle could allow an attacker to take over a database and potentially obtain sensitive information, researchers have warned.

Moodle is an open source educational resource that enables institutions to create online learning materials for students.

Researchers have found that the website is vulnerable to a second order SQL injection flaw, which could enable an attacker to potentially take control of a database server.

Teachers are able to create custom badges for their pupils, which they can earn through completing tasks such as courses or essays.

When creating these badges, it is possible for an attacker with teacher status to insert a malicious SQL query into the database.

Later, that data is fetched from the database and is injected unsanitized into another query. When the badge is enabled for access by students, the injected SQL query will be executed.

In a blog post, researcher ‘dugisec’ explained how the attack works.

Caveats

It’s important to note that in order to perform this attack, a malicious actor will have to be logged in as a teacher.

However, the impact of the authenticated bug could be damaging. The researcher who found the vulnerability said it can also be used in a stored XSS attack.

They wrote: “In order to exploit this, a new badge has to be created for each SQL query that the attacker wants to run. This is because once a badge has been created, the criteria cannot be updated.”

The researcher added: “I also would not be surprised if there are more SQLis of this nature in Moodle. As a bonus this bug can be used for stored XSS as well.”

The researcher noted that this bug appears to have been reported in a GitHub post from 2013.

The report reads: “In order to get our SQL query into the database it’s necessary to create a badge and add some criteria. It is when adding the critera that the sql-to-be-executed-2nd-order is inserted into the database.

“Finally, when the badge is enabled the injected SQL is executed.”

The Daily Swig has reached out to Moodle to learn more and will update this article accordingly.

Advertisement. Scroll to continue reading.

Source: https://portswigger.net/daily-swig/sql-injection-vulnerability-in-e-learning-platform-moodle-could-enable-database-takeover

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO