Blackboard Academic Suite Input Validation Hole in Essay Test Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1016556
SecurityTracker URL: http://securitytracker.com/id/1016556
Updated: Jun 13 2008
Original Entry Date: Jul 24 2006
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes
A vulnerability was reported in Blackboard Academic Suite. A remote user can conduct cross-site scripting attacks.
The software does not properly filter HTML code from user-supplied input in essay test responses before displaying the input. A remote authenticated user can submit specially crafted text as an essay test response. When the response is viewed by a target user (generally an instructor), arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the Blackboard software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
harbl at hushmail.com reported this vulnerability.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Blackboard software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
No solution was available at the time of this entry.
Vendor URL: www.blackboard.com/
Cause of vulnerability: Input validation error
Underlying OS: Linux (Red Hat Enterprise), Linux (Red Hat Linux), UNIX (Solaris - SunOS), Windows (2000), Windows (2003)
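One server-side fix for the flaw described above is to render a stored essay response through a tag allowlist instead of echoing the submitted markup. This is an added Python example, not Blackboard's code; the allowlisted tags, the `render_essay_response` name and the sample responses in the comments are assumptions and constructed input.

```python
import html
from html.parser import HTMLParser

# Markup a grader's view legitimately needs; everything else is dropped (assumed allowlist).
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "u", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class EssaySanitizer(HTMLParser):
    """Rebuilds markup from the allowlist; unknown tags vanish, text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = 0  # >0 inside <script>/<style>, whose raw text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping += 1
            return
        if tag not in ALLOWED_TAGS:
            return  # <img onerror=...>, <iframe>, <object> and so on never reach the page
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # no event handlers, no style, no unexpected attributes
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # rejects javascript:, data: and obfuscated schemes alike
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skipping = max(0, self.skipping - 1)
        elif tag in ALLOWED_TAGS and tag != "br":  # <br> is void, no closing tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(html.escape(data))  # decoded entities are re-encoded here


def render_essay_response(response: str, html_mode: bool) -> str:
    """Markup the grading page should emit for a stored response (assumed function name)."""
    if not html_mode:
        return html.escape(response)  # plain-text mode: the response is shown literally
    s = EssaySanitizer()
    s.feed(response)
    s.close()
    return "".join(s.out)
```

The plain-text path escapes everything, and the "HTML" path keeps only the listed formatting tags, so a stored response such as `<b>Bold</b><script>alert(1)</script>` reaches the instructor's browser as `<b>Bold</b>` alone.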
Source Message Contents
Subject: Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting
I. Affected Software
Blackboard Academic Suite 6.2.23
Prior or newer versions may also be affected.
Vendor website: http://www.blackboard.com/
Objective: Privilege escalation
There is a persistent/stored/second-order cross-site scripting
vulnerability within the testing functionality of Blackboard
Academic Suite 6.2.23. The vulnerability can be used by attackers
who have unprivileged user accounts to escalate their privileges
within one or more Blackboard courses, or, with luck, gain system-
wide Blackboard administrative privileges. Privilege escalation is
possible by using the vulnerability to steal "session_id" cookies
from users whose accounts have higher privileges than the
attacker's account. An additional attack opportunity may exist if
an attacker has identified a remotely-exploitable vulnerability in
Blackboard Academic Suite 6.2.23 attempts to defend against this
to validate input is a bad idea. In this case, the attacker can
his/her web browser.
To exploit the vulnerability when using Mozilla Firefox to access a
Blackboard Academic Suite 6.2.23 system:
1. As a user with the course instructor role, create a test in any
course and add an essay question to the test. Deploy the test in a
course area that is available to students in the course.
2. Login to the course as a user who has the student role in the
course selected for step 1. Access the course; you should now see
the course's entry point page.
4. Navigate to and click the link for the test created in step 1.
Begin the test.
5. The essay question created in step 1 should appear. Click the
"HTML" radio button below the question's response box. Enter
8. Login as the course instructor.
9. Access the course selected in step one. In the course's control
panel, click "Gradebook", then click the name of the test created
in step one, and then click "View Attempt Details".
the target’s browser in the security context of the Blackboard
website being accessed.
There is no known solution at this time.
The vendor has been aware of this vulnerability for at least two
and one-half months.