procheckup logo
sidebar_boxes_image

Contact Us

Find out more information about ProCheckUp click here.


sidebar_boxes_image

Services

Find out more about ProCheckUp services here.


sidebar_boxes_image

Events

  • PCI DSS User Group meeting

    Neira Jones will be speaking on Barclaycards current approach to PCI and offering advice and guidance to merchants.

Click here to see more events.

Vulnerabilities 2008


PR08-15 Several Webroot Disclosures on Moodle


  • Advisory publicly released: Tuesday, 22 July 2008
  • Vulnerability found: Friday, 20 June 2008
  • Vendor informed: Wednesday, 25 June 2008
  • Vulnerability fixed: Wednesday, 16 July 2008
  • Severity level: Low
  • Credits
    Richard Brain of ProCheckUp Ltd. (www.procheckup.com)

    ProCheckUp would like to thank Petr Skoda and the rest of the Moodle team for their excellent response time and cooperation towards resolving this matter.
  • Description
    Moodle 1.6.5 is vulnerable to several webroot disclosures. No authentication is required to obtain the webroot paths.
  • Proof of concept
    Requested URL:

    https://moodle.target.ac.uk/blog/blogpage.php

    Response:

    Fatal error: Class 'page_base' not found in /Volumes/<dir_name>/data/moodle/blog/blogpage.php on line 9

    Requested URL:

    https://moodle.target.ac.uk/course/report/stats/report.php

    Response:

    Fatal error: Call to undefined function get_courses() in /Volumes/<dir_name>/data/moodle/course/report/stats/report.php on line 3
  • How to fix
    Disable display_errors in PHP configuration; A new warning for administrators has been added in versions 1.8.6 and 1.9.2. This issue has been tracked as MDL-15413.
  • Consequences
    Information about the target environment can be extracted.
  • Tested environment
    Server: Apache/2.2.2 (Unix) PHP/5.2.1 mod_ssl/2.2.2 OpenSSL/0.9.7l Moodle 1.6.5 + (2006050550)

    Note: Moodle reveals its version within HTML source code. i.e.:

    <a title="moodle 1.6.5 + (2006050550)" href="http://moodle.org/">
  • References


    http://moodle.org/mod/forum/discuss.php?d=101403


    http://www.procheckup.com/research/views/vulnerabilities


  • Legal
    Copyright 2008 Procheckup Ltd. All rights reserved.

    Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.