» 2 Moodle security vulnerabilities

lustgal taylor swift nude fakes freesexymovies hubporn tuba8.com celebritynudes furry sexy games zac efrons cock sex-arab www.slutload.com. karisweets jamie foxworth rebecca smythe www.xvideos live.com www.89com maria cucinotta anya zenkova lsmagazine nudebody nicole austin www sexy home alone.com loli www.pink word.com stripteas tub 8 com fuckmom lisa marie scott face sxey watch taboo charming mother vickie guerrero nude xhamsters. ailinmujica hentaikey nudedivas kristy brinkley nude old ladies www.youjizz.com. tabitha gilley sharemywife com sleep assault.com zshare lacey duvalle arabsexy tube 18eighteen phim net lyric 0611 animalsex www.porn hup.com slash 4x4 tamil sex tube corinne russell www.playboyxxx layla kayleigh nude www.zootube365 angelinajoliesex www.freesex keez movies com nigarkhannude schoolsex pornohub.ro transexuals momandboys nude family www.youngertube.com tune8.com zooz tube penelope menchaca en playboy videosnet sarah streicher www jizzhut com www keezmovies nude adrian barbeau sunporn free brazzers videos selina gomez tupornotv adminlogin.asp culonas www.dianparkinson www.pornor ama real wives fucking terry ferrell nude nudewife cq50-139 ro89. pornocafe vanessa hudgens no clothes e fukt.com panty poop tube poptropica.com ailin mujica www.tubeporno laura antonelli porno na tv girlnude sex 141 beachtube alanna marie orton 3 men one hammer vicki lamotta wwwbigbutts.com wetcircle sex heather grahm brazzer.com.mx www.fatpussy.com searchsex tubegalore com tamilsexstory mexicanlust animales sexo adriana lima sex tape lube your tube hamster free porn profesinal examples of assonace pornopat sue holderness megan price nude bulges lolicon gexo. com x hamstre.com dreammovie.com sex tube now nude native american women camilla belle hot ww.sexvedios.com girls tribbing patrick dempsey sex tubes pornative.com giannamichel michelle smith american thunder pakistani sex.com www.oldspunkers.com.com sluty women farrah fawcett nude justine joli sturgis photos zoo tube.com 365 nudistcamps alley bagett www.pron.com stella stevens nude rotton.com www-free-sexy-muves-com ncis spoilers season 7 sarah parish nude girlsnextdoornude usher hand signals nude pageant pics coccosworld flashing truckers site youtube.com fucking boy videos muy zorraz nudeaerobics macizorrascom naughtamerica www.xmovies.com cfake.com old man tube xxnx .com www pornorama.com nudesyoung animal porn hamster porno tamilsexstroies fucked bianca beauchamp forum selena gomez nude picture natalna karta na srpskom www.youpornbeta.com vido six nudeyoung selina 18 tinhdonphuong.com www xxxporn.com joan collins playboy web search exploitedcollegegirls joon mali bobbi billard videos jenni rivera hot video www.avizoon cheryl cole upskirts shegods www.tubeblackporn.com newsfilter.org sweet anais kt so gexo.com nickjr.com gianna videos 305 naked.com tina fey nude youponr.com exit to eden dana delany nude exercising wwwyouporn bruce lee uniform 100nonnude keez moveis hsu chi lia 19.com casey anthony myspace starfeatures.blogspot free videos of brazzers rebecca ferratti nudefemales sibel kekil nublie free online sexy moves wwwxhamster.com maturesandcoeds.com sarah ferguson young girls that fuck supaero leslie ann warren nude nudegirls.com shemail emmastarr youtoube tia leoni www.publicinvasion.com badjojo.com. deana carter nude youngnudes wwwpetardascom ali lohan implants www.petardas www.victoriasecret.com hotmoms jesica beal zoo.tube.365.com sherry jackson xxx.com mapouka sex tube www4tube.com muy zorraz .com phat azz fucking tubes brazzers.com. undressing video one guy one horse runescape best way to make money www.red tupe.com lisa wu hartwell keith sweat spank wire.com linda blair nude hoopz sextape newsfilter.0rg zootub365.com hqtube .com sexi adultporn sasha ogata nude beaches pictures vanessawilliamsnude alison waite mom sons videos nudetubevideos hand signals for church ushers wwwyouporno muyzorras.com. kristy swanson playboy youtube sexs kiana tom nude tnadivas voyuerweb nude african men one man one jar video vanasa huges youngporn sylvia saint tube nudemoves youtubesexs www.donenude askjolene suzanne somers playboy mom sex tube rapidshare erotiekpagina nnxn video portube hilary duff nuda www.animalsexporno.com malayalam kambi pictures www.xviedo.com mr sneak utube website tube 8 animal www.pichunter.com nikki ziering nudest www.pussy.com daphne rosen kat von d nude jill wagner nude selena gomez nude pictures sexypregnantwomen bigmingle.com emma watson sexy videos brazzers nude joanne kelly www animailsex andrea lowell nudes www youporno.it sleazy dreams sheroke d azz nude tube gay wwwxvidio.com wwwtube8. com bustedcelebrity .com vidosex karla spice topless www.youpornanimal ha porn todd bentley divorce oldfuck nude namitha selina18 gay tube lil kimnude jamie foxworth.com spank vire squirting pussys lisa robin kelly naked red tud.com anne hathaway fakes www.sex three men one hammer www.nepalimodel.com www.sex fuck www.sexymovies.com. www.sex clip.com jami foxworth xvideo com porno filimler gigi lai dansmovies blue flim.com lapsex.net learnforgood dinosaur king porn shown at home clips.com www.yoporn mugen characters xvideo video.com 1 guy 1 horse copulating passion ring jamiefoxworth.com nude photos of markie post rawtube com xtube .com xxxporno.cn pinoy scandal blogspot .com home made indian sex tubes xhamster flower tucci www.freevideos.com tamilsex story lexo pixie acia red toub.com jillian michaels naked sleeping sexvidieos brazzers free trishelle www.arab-tube.com poptropic sexy moveis men4now tagalog sex story www.teensfromtokyo.com indiansexy tori praver nude www youporn.com fukt.com keezmovie.com mrs drunna www.dogsex.com aprilbowlby nude family sex tubes cybergirl.com miley cyrus fake nude www.youpor.no watch full ultimate surrender free www.zoo tube365.com bonnie wright in a bikini ways to masterbate itottube bustybrits www.free.stream.tv pornhhub.com www.xvideos.c0m naughty america .com infonavit ls magazine models 10gay.com beach sextube browntrain teenass futanaria.c0m amateur porntube nude manisha koirala red tune maureen mccormick naked fakepix. com dolly parton naked jana bach ftvgitls.com www.hannamontana.com saigon sex jillian michaels nude youprn com pron hud sandra teen model m www redtube elke the stallion redtobe www.sexc.om porn host zootube.365.com yutube site youtube.com pinkword com nude black celebs tube.8.com niecy nash nude www.cam4.com. www.camwithher.com wwwsexindiacom red toube.ro » 2 Moodle security vulnerabilities

2 Moodle security vulnerabilities

A while back I wrote and submitted a patch which was went into the core Moodle codebase. You can see my name in the Moodle credits. It was about an cross-site scripting vulnerability that I found in the code. Projects like Moodle are bound to have these. Moodle is not any less secure than other systems.

Lately I’ve noticed a different type of security issue with Moodle. Information is starting to leak out of Moodle via rss and blogs. Architecturally speaking this has a lot to do with Moodle’s bazzar architecture. New features are bolted-on rather than built in (but that’s a story for another day). Here are two security flaws in Moodle versions > 1.7:

Moodle system administrators assume that Moodle is secure and they will mostly link Moodle with their current institutional authentication system (such as ldap or whatever). However anyone with teacher rights can now set up a discussion forum, enable rss, publish the feed and hey presto your class is open to the public. There is no authentication on this feed. I doubt most teachers are aware of this. And I think most Moodle sys admin would freak out if they knew.
Moodle blogs feature (although half-baked and not much use) creates posts that are available publicly without athenticaiton. This is less of risk than the discussions rss leak above as you might reasonably expect your blog to readable widely.

Posted under Moodle, blogs, elearning, security by Eamon Costello 29.02.2008

3 comments on “2 Moodle security vulnerabilities”

belfield says

Eamon
That’s the kind of stuff that makes the hair stand up a bit on the back of Joe Average User’s neck!!!
[And 'slightly' off topic -- Thanks for the linkout in your blogroll...]
C.
Eamon Costello says

Thanks @C
and cheers for the link from your blog too. hopefully I can update things here sporadically.
Quotable Quotes: Hair on your neck :-) | MoodleUs.org says

[...] Belfield, a comment on the post “2 Moodle security vulnerabilities” on the Relearn blog. http://www.relearn.ie/2008/02/29/2-moodle-security-vulnerabilities/ [...]

Leave a comment