22 Jul 17:55
PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page
From: ProCheckUp Research <research <at> procheckup.com>
Subject: PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page
Newsgroups: gmane.comp.security.full-disclosure, gmane.comp.security.bugtraq
Date: 2008-07-22 15:59:48 GMT
PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page
Vulnerability found: 25/06/2008
Vendor informed: 28/06/2008
Vulnerability fixed: 16/07/2008
Advisory publicly released: 22/07/2008
Severity: High
Description:
HTTP requests can be forged due to a lack of tokenization. By tricking the
victim into visiting a third-party page while logged in, certain
actions can be forged on behalf of the target user.
Notes:
The victim's user ID ('id' parameter) and course ID ('course'
parameter) are required for a successful attack. However, such values
are public, as they can be obtained from many sections of the site, such as:
- user blogs ('/blog/')
- chats
- public profiles, e.g.:
  '/user/view.php?id=2&course=1',
  '/user/index.php?id=1',
  '/user/index.php?id=1&group=&perpage=20&teachers=1&accesssince=0&search=0&perpage=500'
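The kind of tokenization whose absence the description names, sketched as an added example that is not part of the advisory and is not Moodle's code: a per-session secret token is embedded in the edit form and checked before any change is applied, so a request built only from the public 'id' and 'course' values is refused. All function names, the 'csrf_token' field and the sample request data are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not Moodle's implementation.
declare(strict_types=1);

/** Return the session's anti-CSRF token, creating it on first use. */
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in the edit-profile form served to the user. */
function csrf_field(array &$session): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '">';
}

/** True only for a POST that carries this session's token. */
function csrf_request_ok(string $method, array $post, array $session): bool {
    if ($method !== 'POST') {
        return false; // state changes are never accepted over GET
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

/** Profile-edit handler: returns the HTTP status it would send. */
function handle_profile_edit(string $method, array $post, array &$session): int {
    if (!csrf_request_ok($method, $post, $session)) {
        return 403; // refused before any profile data is touched
    }
    // ... apply the change for the logged-in user here ...
    return 200;
}

// Constructed sample data: 'id' and 'course' are the public values from the
// advisory's example URL; the 'email' field is made up for the demo.
$session = ['user_id' => 2];
$token = csrf_token($session);
$crossSite = ['id' => '2', 'course' => '1', 'email' => 'new@example.invalid'];
$sameSite = $crossSite + ['csrf_token' => $token];
printf("cross-site request: %d\n", handle_profile_edit('POST', $crossSite, $session));
printf("same-site form:     %d\n", handle_profile_edit('POST', $sameSite, $session));
```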