Saturday, November 23, 2024

Moodle SQL injection vulnerability: in e-learning platform could enable database takeover

Moodle SQL Injection Vulnerability

A security vulnerability in e-learning platform Moodle could allow an attacker to take over a database and potentially obtain sensitive information, researchers have warned

Moodle is an open source educational resource that enables institutions to create online learning materials for students.

Researchers have found that the website is vulnerable to a second order SQL injection flaw, which could enable an attacker to potentially take control of a database server.

Teachers are able to create custom badges for their pupils, which they can earn through completing tasks such as courses or essays.

When creating these badges, it is possible for an attacker with teacher status to insert a malicious SQL query into the database.

Later, that data is fetched from the database and is injected unsanitized into another query. When the badge is enabled for access by students, the injected SQL query will be executed.

In a blog post, researcher ‘dugisec’ explained how the attack works.

Caveats

It’s important to note that in order to perform this attack, a malicious actor will have to be logged in as a teacher.

However, the impact of the authenticated bug could be damaging. The researcher who found the vulnerability said it can also be used in a stored XSS attack.

They wrote: “In order to exploit this, a new badge has to be created for each SQL query that the attacker wants to run. This is because once a badge has been created, the criteria cannot be updated.”

The researcher added: “I also would not be surprised if there are more SQLis of this nature in Moodle. As a bonus this bug can be used for stored XSS as well.”

Recommended:  Google Chrome extensions can be easily fingerprinted to track you online

The researcher noted that this bug appears to have been reported in a GitHub post from 2013.

The report reads: “In order to get our SQL query into the database it’s necessary to create a badge and add some criteria. It is when adding the critera that the sql-to-be-executed-2nd-order is inserted into the database.

“Finally, when the badge is enabled the injected SQL is executed.”

SQL Injection Attack

What is an SQL Injection Vulnerability?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

Go to Cybersecurity Knowledge Base

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security