Moodle jumpto.php jump Variable Arbitrary Site Redirect

2005-11-10T07:03:44
ID OSVDB:20750
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-11-10T07:03:44

Description

Vulnerability Description

Moodle contains a flaw that may allow a remote attacker to trick a user into visiting an arbitrary site under the apparent trust of a legitimate site. The issue is due to the jumpto.php script redirecting to whatever web site is named in its jump parameter. This may give an attacker a way to trick a user into clicking what appears to be a legitimate URL of a valid site, but really leads them to an arbitrary site with malicious content.
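The check a redirect script like jumpto.php needs before following its jump parameter, as an added example (not Moodle's code or part of the advisory): only targets on the site's own host are followed, and the comparison covers the forms browsers reinterpret (backslashes, extra leading slashes, userinfo in front of the host). The site URL https://moodle.example is a placeholder.

```python
"""Hardened handling for a redirect parameter such as jumpto.php's ``jump``.

Added example, not Moodle's code. Only same-site paths and absolute http(s)
URLs on the site's own host are accepted; anything else falls back to the
site front page instead of being followed.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _normalise(url: str) -> str:
    # Browsers drop tabs/newlines and treat backslashes like forward slashes,
    # so "/\evil.example" is followed as "//evil.example". Fold both first.
    cleaned = url.strip().replace("\t", "").replace("\r", "").replace("\n", "")
    cleaned = cleaned.replace("\\", "/")
    if cleaned.startswith("//"):
        # Browsers skip surplus leading slashes, so "///evil.example" also
        # names a foreign host; collapse to the canonical scheme-relative form.
        cleaned = "//" + cleaned.lstrip("/")
    return cleaned


def is_safe_redirect(jump: str, site_url: str) -> bool:
    """True only if ``jump`` stays on the host that serves ``site_url``."""
    if not jump:
        return False
    target = urlsplit(_normalise(jump))
    site_host = urlsplit(site_url).hostname

    if target.scheme:
        # Absolute URL: scheme must be http(s) and the host must be our own.
        # ``hostname`` strips userinfo and port, so "https://site@evil" fails.
        return (target.scheme in ALLOWED_SCHEMES
                and target.hostname is not None
                and target.hostname == site_host)
    if target.netloc:
        # Scheme-relative "//other.example/..." still names a host; compare it.
        return target.hostname == site_host
    # No scheme and no host: a plain path. Require it to be site-absolute so
    # the browser cannot resolve it against anything unexpected.
    return target.path.startswith("/")


def resolve_jump(jump: str, site_url: str) -> str:
    """Return the URL to redirect to: ``jump`` if safe, else the site root."""
    return jump if is_safe_redirect(jump, site_url) else site_url
```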

Solution Description

Upgrade to version 1.6dev or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/course/jumpto.php?jump=http://www.evilsite.com

References:

Vendor URL: http://moodle.org/
Secunia Advisory ID: 17526
Related OSVDB ID: 20748
Related OSVDB ID: 20749
Other Advisory URL: http://rgod.altervista.org/moodle16dev.html
FrSIRT Advisory: ADV-2005-2387
CVE: CVE-2005-3649