|
Bugtraq
mailing list archives
CSS in blackboard
From: Berend-Jan Wever <skylined () edup tudelft nl>
Date: 1 Jul 2002 18:44:25 -0000
Product: Blackboard 5
Vendor: Blackboard inc
Website: www.Blackboard.com
Reported: 24 apr 2002: Discovered CSS in blackboard program and
company.blackboard.com. Reported CSS in blackboard program at
http://company.blackboard.com/contactus/Suggestions.cgi.
Reported CSS in company.blackboard.com to dyaskin () blackboard com
Problem: Blackboard 5 contains multiple input validation errors,
exploitable with Cross-site scripting, an example: http://
[server]/bin/login.pl?course_id="><SCRIPT>alert()</SCRIPT>
The people at Blackboard seem not to have a clue about CSS and have
therefore almost totally forgotten to check the user input against illegal
characters. Even more interresting than the "poisoned link" example above
is the possibility to create a "CSS Traps" by poisoning messages in the
group discussion board. SCRIPTs can be inserted into the title of messages.
Some more examples of the apparant ignorance of the people at blackboard:
http://company.blackboard.com/contactus/ProcessInfo.cgi?Response=7&CTID=";]
[SCRIPT]alert(document.cookie)[/SCRIPT]
http://company.blackboard.com/contactus/index.cgi?Message=[SCRIPT]alert
(document.cookie)[/SCRIPT]
(replace [ & ] with < & >, duh...)
Berend-Jan Wever aka SkyLined
http://spoor12.edup.tudelft.nl
http://spoor12.edup.tudelft.nl/SkyLined v4.2/?Cross site scripting archive
 By Date 
By Thread
Current thread:
- CSS in blackboard Berend-Jan Wever (Jul 01)
| 
Intro
