[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY1-F104BWwew8w0qr0001e24d@hotmail.com>
From: spiffomatic64 at hotmail.com (spiffomatic 64)
Subject: WebCT: XSS vulnerability
Vendor : WEBCT
URL : http://webct.com/
Version : WebCT Campus Edition Version 4.1
Risk : Cross site scripting
Description: WebCT is the world's leading provider of e-learning systems for
educational
institutions.
WebCT's vision is to deliver innovative e-learning solutions to help
institutions
improve educational outcomes for students around the world.
WebCT is a trusted industry leader in providing e-learning systems for
educational
institutions. Thousands of institutions in more than 70 countries worldwide
are expanding
the boundaries of teaching and learning with WebCT.
Cross site scripting: The filtering script for the discussion board doesnt
filter iframe,
img, or object. All of which can take advantage of xss and because of the
way my schoo was
setup this lead to full access to their email, and account information.
Solution: The easiest way would be to just disallow iframe,img,and object
tags or html tags
at all.
Credits: Credits goto http://hackthissite.org. It provided a nice, open,
legal environment
for me to try new things and learn from those who know. A place where you
are not
reprimanded even if u deface a page or two. A place where I started with no
knowledge and
in less than a year found new vulnerabilities of my own. Thank you
http://hackthissite.org.
Lab rats: The Nick's, Shrinidhi, Charbel and most importantly to Halley, you
give me the
strength and courage to do all that I do, without you I am nothing. Thank
you sweetheart.
Exploit: This is exploited using iframe,img, or object tags to redirect you
to a maliscious
site.
Spiffomatic64
Hacking is an art-form
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Powered by blists - more mailing lists