Untagged

As part of a course on Information Security, part of the course assesment came from a semester project. We had to exploit an application, preferably a web application, of our choice. Given that our university uses the Moodle platform for the course web pages, Moodle became an obvious first choice. Moodle is an excellent target because it is an old project, written in PHP, full of obscure features that are questionably maintained. Therefore it has a huge attack surface, and there are plenty of known vulnerabilities to exploit. Besides, PHP makes it easy to write insecure code: plenty of dynamic-language fun like eval() and unserialize(), magic methods, an extremely poor type system, and a long legacy of functions that require input sanitization before use. ...