OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Berend-Jan Wever (skylinededup.tudelft.nl)
Date: Mon Jul 01 2002 - 13:44:25 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) Product: Blackboard 5
    Vendor: Blackboard inc
    Website: www.Blackboard.com

    Reported: 24 apr 2002: Discovered CSS in blackboard program and
    company.blackboard.com. Reported CSS in blackboard program at
    http://company.blackboard.com/contactus/Suggestions.cgi.
    Reported CSS in company.blackboard.com to dyaskinblackboard.com

    Problem: Blackboard 5 contains multiple input validation errors,
    exploitable with Cross-site scripting, an example: http://
    [server]/bin/login.pl?course_id="><SCRIPT>alert()</SCRIPT>
    The people at Blackboard seem not to have a clue about CSS and have
    therefore almost totally forgotten to check the user input against illegal
    characters. Even more interresting than the "poisoned link" example above
    is the possibility to create a "CSS Traps" by poisoning messages in the
    group discussion board. SCRIPTs can be inserted into the title of messages.

    Some more examples of the apparant ignorance of the people at blackboard:
    http://company.blackboard.com/contactus/ProcessInfo.cgi?Response=7&CTID="]
    [SCRIPT]alert(document.cookie)[/SCRIPT]
    http://company.blackboard.com/contactus/index.cgi?Message=[SCRIPT]alert
    (document.cookie)[/SCRIPT]
    (replace [ & ] with < & >, duh...)

    Berend-Jan Wever aka SkyLined
    http://spoor12.edup.tudelft.nl

    http://spoor12.edup.tudelft.nl/SkyLined v4.2/?Cross site scripting archive