![]() ![]() In addition to following the security advisories of each installed component, also follow those of the upstream projects in case their fixes are not applied to the forks in a timely manner. Ensure that the uninstallation also removes the directory from the web server’s file system (such as /var/Using third party components forked from other projects carries a higher risk the further the development goes from the upstream project. Uninstall the plugin from Moodle’s Site Administration interface. The following link contains a Base64-encoded file, which the server decodes and provides to the victim when the link is accessed. Reflected Cross-Site ScriptingĪccessing the following link runs JavaScript code in the context of the victim’s browser. Access to the server’s file system may however enable an attacker to gain access elsewhere. The accessed files are not included in PHP code, so an attacker will not be able to execute their own code on the server through this vulnerability alone. Any file the web server process has access to is readable by an attacker. Proof of Concept Directory TraversalĪccessing the following link reads a file from the Moodle server’s file system, in this case the Moodle configuration file with database credentials. ![]() Note that JSmol is not a different program to Jmol: it is Jmol, just compiled into JavaScript instead of Java (thanks to the Java2Script software). The JSmol Moodle plugin was forked from the JSmol project, where the directory traversal and server-side request forgery vulnerability was partially fixed in 2015. JSmol allows rendering, scripting and interaction with the models just as Jmol does, since the source code is shared by both. Note that authentication is not required to exploit these vulnerabilities. Other parameters in the plugin are also vulnerable to reflected cross-site scripting. This makes Moodle instances with this plugin installed vulnerable to directory traversal and server-side request forgery in the default PHP setup, and if PHP’s “ expect” wrapper is enabled, also to remote code execution. This PHP proxy script calls the function file_get_contents() on unvalidated user input. The plugin implements a PHP server-side proxy in order to load third party resources bypassing client-side security restrictions. The Jmol/JSmol plugin for the Moodle Learning Management System displays chemical structures in Moodle using Java and JavaScript. In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |