SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Blackboard Vendors:   Blackboard
Blackboard Learning and Community Portal System Input Validation Holes Let Remote Users Conduct Cross-site Scripting Attacks
SecurityTracker Alert ID:  1004677
SecurityTracker URL:  http://securitytracker.com/id/1004677
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 2 2002
Impact:   Disclosure of authentication information, Disclosure of user information, Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 5
Description:   Several input validation vulnerabilities were reported in the Blackboard Learning System. A remote user can conduct cross-site scripting attacks against other Blackboard users.

A remote user can create a URL that, when loaded by a target user, will cause arbitrary script code to run on the target user's browser. The code will appear to originate from the server running Blackboard and will run in the security context of that site. As a result, the code may be able to access the target user's cookies associated with the site running Blackboard, access data submitted by the target user to the site via a web form, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://[server]/bin/login.pl?course_id="><SCRIPT>alert()</SCRIPT>

It is reported that a remote user can also insert script code into the "title" field of messages posted to the server. In this manner, a target user can be attacked when the target user views the message.

The vendor has reportedly been notified.

Impact:   A remote user may be able to access a target user's cookies associated with the site running Blackboard, access data submitted by the target user to the site via a web form, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  products.blackboard.com/cp/bb5/orientation/index.cgi (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Linux), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  CSS in blackboard




Product: Blackboard 5
Vendor: Blackboard inc
Website: www.Blackboard.com

Reported: 24 apr 2002: Discovered CSS in blackboard program and 
company.blackboard.com. Reported CSS in blackboard program at 
http://company.blackboard.com/contactus/Suggestions.cgi.
Reported CSS in company.blackboard.com to dyaskin@blackboard.com

Problem: Blackboard 5 contains multiple input validation errors, 
exploitable with Cross-site scripting, an example: http://
[server]/bin/login.pl?course_id="><SCRIPT>alert()</SCRIPT>
The people at Blackboard seem not to have a clue about CSS and have 
therefore almost totally forgotten to check the user input against illegal 
characters. Even more interresting than the "poisoned link" example above 
is the possibility to create a "CSS Traps" by poisoning messages in the 
group discussion board. SCRIPTs can be inserted into the title of messages.

Some more examples of the apparant ignorance of the people at blackboard:
http://company.blackboard.com/contactus/ProcessInfo.cgi?Response=7&CTID="]
[SCRIPT]alert(document.cookie)[/SCRIPT]
http://company.blackboard.com/contactus/index.cgi?Message=[SCRIPT]alert
(document.cookie)[/SCRIPT]
(replace [ & ] with < & >, duh...)

Berend-Jan Wever aka SkyLined
http://spoor12.edup.tudelft.nl

http://spoor12.edup.tudelft.nl/SkyLined v4.2/?Cross site scripting archive

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC