ثغرات الإدخال في قواعد البيانات لنظام موودل المستخدم في جامعة السودان المفتوحة و حمايتها

Abstract EN

This research deals with the issue of (Sql injection in MOODLE which used in the Open University of Sudan) .

It includes three frameworks: the first is the general framework of the research, which consists of the research problem, objectives, importance, hypotheses and procedures of the research; the second discusses the theoretical framework of research, which includes the E- Learning in the Open University of Sudan, MOODLE, Sql Injection and the previous studies, and finally, is the practical framework where the researcher writes the vulnerabilities and loopholes in MOODLE code.

At the end of the research, the researcher discusses the results and recommendations.

This research aims to find out how the presence of sql injection threats in the core of MOODLE code and the possibility of patching these threats to prevent the hacking of the system and protect the data therein.

The research found out two of the software vulnerabilities and loopholes in MOODLE code, sql injection and blind sql injection.

Eventually the researcher patched these vulnerabilities through using a practical approach, which depend on the researcher experience in dealing with MOODLE and PHP programming language, as well as using the Acunetix Web Vulnerability Scanner tool.

The study was applied to the Open University of Sudan, Khartoum region web site, where MOODLE is used as a main platform.