Researchers have cautioned that a security flaw in the e-learning platform Moodle might allow an attacker to gain control of a database and potentially steal sensitive information. Moodle is an open-source educational platform that helps academic institutions to develop online learning resources for students.
According to researchers, the platform is vulnerable to a second-order SQL injection flaw, which might allow an attacker to gain control of a database server. The flaw lies in the badges feature: teachers can create personalized badges, which students earn by completing objectives such as courses or essays.
An attacker with instructor status could place a malicious SQL query into the database while creating these badges. Later, that data is retrieved from the database and inserted into another query without being sanitized. The injected SQL query runs when the badge is activated for student access.
The attack is outlined in detail by researcher ‘dugisec’ in a blog post. It’s worth noting that a malicious actor needs to be logged in as a teacher to carry out this attack. Even so, the consequences of this authenticated flaw may be disastrous. According to the researcher who discovered the flaw, it may also be exploited in a stored XSS attack.
The researcher said that this flaw appears to have been disclosed in a 2013 GitHub post. According to the report, an attacker needs to construct a badge and add certain criteria to get the SQL query into the database. The SQL to be executed at second order is entered into the database when the criteria are added. Finally, the injected SQL is run when the badge is activated.
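The store-then-reuse pattern described above, as an added example that is not Moodle's code or the researcher's: the `criteria` and `completions` tables, the function names and the sample rows are constructed for illustration, using Python's `sqlite3`. It shows that a safely parameterized write does not protect the later query that reuses the stored value, and that binding the stored value as a parameter in that second query does.

```python
import sqlite3

def setup():
    """Constructed schema and rows for illustration; not Moodle's tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE criteria (badge_id INTEGER, course TEXT);
        CREATE TABLE completions (student TEXT, course TEXT);
        INSERT INTO completions VALUES ('alice', 'math101');
        INSERT INTO completions VALUES ('bob', 'chem200');
    """)
    return db

def add_criteria(db, badge_id, course):
    # First order: the write is parameterized, so the text is stored
    # verbatim and nothing unexpected happens at this point.
    db.execute("INSERT INTO criteria VALUES (?, ?)", (badge_id, course))

def stored_course(db, badge_id):
    row = db.execute("SELECT course FROM criteria WHERE badge_id = ?",
                     (badge_id,)).fetchone()
    return row[0]

def activate_vulnerable(db, badge_id):
    # Second order (flawed): the value is trusted because it came from the
    # database, and is concatenated into a new statement.
    course = stored_course(db, badge_id)
    sql = "SELECT student FROM completions WHERE course = '" + course + "'"
    return sorted(r[0] for r in db.execute(sql))

def activate_fixed(db, badge_id):
    # Second order (hardened): stored data is bound as a parameter too.
    course = stored_course(db, badge_id)
    sql = "SELECT student FROM completions WHERE course = ?"
    return sorted(r[0] for r in db.execute(sql, (course,)))

# Constructed input: a stored value carrying a quote and a tautology.
CRAFTED = "none' OR '1'='1"

def demo():
    db = setup()
    add_criteria(db, 1, "math101")   # ordinary criteria
    add_criteria(db, 2, CRAFTED)     # crafted criteria, stored unchanged
    return {
        "normal": activate_vulnerable(db, 1),
        "vulnerable": activate_vulnerable(db, 2),
        "fixed": activate_fixed(db, 2),
    }

if __name__ == "__main__":
    print(demo())
```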