Open mwithheld opened 5 years ago
Burp detected a potential reflected form action hijacking risk in the blog module. Arbitrary input in the URL was echoed in the action URL of the form for filtering blog posts by most comments (in the blog usage sidebar).
Request URL: GET /mod/oublog/view.php/t6vreissh2?id=659827
Resulting form markup in response: <form autocomplete="off" action="https://coursespaces2r.uvic.ca/mod/oublog/view.php/t6vreissh2"
To reproduce:
<div class="oublog_statsview_content oublog_statsview_content_commentpoststats oublog-accordion-open" ... <form autocomplete="off" action="https://my.moodle.com/mod/oublog/view.php/t6vreissh2" method="post" accept-charset="utf-8" id="mform1" class="mform">
Tested on version 2018032001 3.4 r1
This is an issue on all Moodle forms (that submit to the same page by passing $action=null)...
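As an added example (not code from the report, from Moodle or from the oublog module): a regression check that takes the request path and the response markup, works out the script's canonical path (everything up to the `.php` segment; the rest is PATH_INFO the requester controls), and flags every form whose resolved action does not match it, plus forms with no action attribute, which browsers submit to the current URL. The sample markup is constructed from the report's fragment.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the report: view.php requested with an extra
# path segment, and the response's filter form echoing that segment in action=.
SAMPLE_REQUEST_PATH = "/mod/oublog/view.php/t6vreissh2"
SAMPLE_RESPONSE = """
<div class="oublog_statsview_content oublog_statsview_content_commentpoststats">
<form autocomplete="off" action="https://my.moodle.com/mod/oublog/view.php/t6vreissh2"
      method="post" accept-charset="utf-8" id="mform1" class="mform"></form>
<form action="/mod/oublog/view.php" method="get" id="safe"></form>
<form method="post" id="noaction"></form>
</div>
"""

FORM_TAG_RE = re.compile(r"<form\b([^>]*)>", re.IGNORECASE)
ACTION_ATTR_RE = re.compile(r"""\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
                            re.IGNORECASE)
ID_ATTR_RE = re.compile(r"""\bid\s*=\s*["']([^"']*)["']""", re.IGNORECASE)


def script_path(request_path):
    """Canonical script path: up to and including the first '*.php' segment.
    Anything after it is PATH_INFO, which the requester controls."""
    parts = request_path.split("/")
    for i, seg in enumerate(parts):
        if seg.lower().endswith(".php"):
            return "/".join(parts[: i + 1])
    return request_path


def find_hijackable_forms(request_path, response_html):
    """Return (form_id, reason) for every form whose submit target is not the
    canonical script path. A missing or empty action submits to the current
    document URL, PATH_INFO included, so it is flagged as well."""
    canonical = script_path(request_path)
    findings = []
    for attrs in FORM_TAG_RE.findall(response_html):
        id_m = ID_ATTR_RE.search(attrs)
        form_id = id_m.group(1) if id_m else "?"
        a_m = ACTION_ATTR_RE.search(attrs)
        action = next((g for g in a_m.groups() if g is not None), "") if a_m else ""
        if action == "":
            findings.append((form_id, "no action: submits to current URL incl. PATH_INFO"))
            continue
        # Resolve the action the way a browser would, then compare only the path.
        target = urlsplit(urljoin(request_path, action)).path
        if target != canonical:
            findings.append((form_id, f"action path {target!r} != {canonical!r}"))
    return findings


if __name__ == "__main__":
    for form_id, reason in find_hijackable_forms(SAMPLE_REQUEST_PATH, SAMPLE_RESPONSE):
        print(f"{form_id}: {reason}")
```

Run against a real response, the check reports `mform1` here because its action carries the injected `t6vreissh2` segment, while the form whose action is exactly the script path passes.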