Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: WebCT 4.1 vulnerable to XSS attacks

WebCT 4.1 vulnerable to XSS attacks

From: <lacertosum_at_yahoo.com>
Date: 11 Apr 2005 18:33:51 -0000
('binary' encoding is not supported, stored as-is) The discussion board feature of WebCT is vulnerable to XSS.

Here is the proof of concept:
When you are composing a new message, in the message field of the form, type this:

</pre><table background=java&#x09;script:alert("XSS Warning")>
</table>

Then submit the message. You should see a JavaScript alert box that says "XSS Warning" when you wiew your message. It is also possible to redirect users that view the message to an outside page (I did this on my college's WebCT board). Obviously, a malicious person could exploit this to steal WebCT's cookies and possibly compromise user accounts.

The redirect exploit is simple enough:
</pre><table background=java&#x09;script:location.replace("URL")>
</table>
Received on Apr 12 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]