11/20/2023

Adding files to Moodle CodeRunner

This prevents students from cheating and simply sharing their results. Among them is the calculated question, which allows teachers to enter a mathematical formula that will be evaluated by Moodle dynamically on randomized input variables. Moodle allows teachers to set up a quiz with many types of questions. In the following section, we will examine the technical details of the vulnerability. This Moodle question behaviour was created by Richard Lobb, University of Canterbury, New Zealand. By using a specially crafted math formula which is evaluated by Moodle, the attacker bypasses an internal security mechanism that prevented the execution of malicious commands. Adaptive question behaviour for CodeRunner questions. It should be possible to grade multiple questions concurrently. The problem with running SQL questions on a MySQL server or similar is that each question, or in fact each separate test case, needs to be run in a database context set up by the question author. Given these requirements and the knowledge of the vulnerability, the adversary will be able to execute arbitrary commands on the underlying operating system of the server running Moodle. by Richard Lobb - Thursday, 26 October 2017, 2:36 PM. Escalating to this role via another vulnerability, such as XSS, would also be possible.

Impact - Who can exploit what?

An attacker must be assigned the teacher role in a course of the latest Moodle (earlier than 3.5.0) running with default configurations. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release (CVE-2018-1133). CodeRunner is a free open-source question-type plug-in for Moodle that can run program code submitted by students in answer to a wide range of programming questions in many different languages.
Moodle is a widely used open-source e-learning software with more than 127 million users, allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities.