lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY1-F104BWwew8w0qr0001e24d@hotmail.com>
Date: Tue, 18 May 2004 10:40:28 -0500
From: "spiffomatic 64" <spiffomatic64@...mail.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: WebCT: XSS vulnerability


Vendor : WEBCT
URL : http://webct.com/
Version : WebCT Campus Edition Version 4.1
Risk : Cross site scripting

Description: WebCT is the world's leading provider of e-learning systems for 
educational

institutions.

	WebCT's vision is to deliver innovative e-learning solutions to help 
institutions

improve educational outcomes for students around the world.

WebCT is a trusted industry leader in providing e-learning systems for 
educational

institutions. Thousands of institutions in more than 70 countries worldwide 
are expanding

the boundaries of teaching and learning with WebCT.


Cross site scripting: The filtering script for the discussion board doesnt 
filter iframe,

img, or object. All of which can take advantage of xss and because of the 
way my schoo was

setup this lead to full access to their email, and account information.

Solution: The easiest way would be to just disallow iframe,img,and object 
tags or html tags

at all.

Credits: Credits goto http://hackthissite.org. It provided a nice, open, 
legal environment

for me to try new things and learn from those who know. A place where you 
are not

reprimanded even if u deface a page or two. A place where I started with no 
knowledge and

in less than a year found new vulnerabilities of my own. Thank you 
http://hackthissite.org.

Lab rats: The Nick's, Shrinidhi, Charbel and most importantly to Halley, you 
give me the

strength and courage to do all that I do, without you I am nothing. Thank 
you sweetheart.

Exploit: This is exploited using iframe,img, or object tags to redirect you 
to a maliscious

site.

Spiffomatic64
Hacking is an art-form

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ