Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: BlackBoard Academic Suite ?
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Thu, 28 Sep 2006 20:03:02 -0400

Just run the gullet as you would for any Web Application test.

Just poking around, there is at least some forms of XSS in some of the file name fields when you would be uploading a file.

Hope that helps, as I was a user of the software, not a pen-tester :-)

Shirkdog
http://www.shirkdog.us




From: 09sparky () gmail com
To: pen-test () securityfocus com
Subject: BlackBoard Academic Suite ?
Date: 28 Sep 2006 22:07:01 -0000

I will be trying to bypass Blackboard Academic Suite security for an upcoming Penetration Test and was wondering if anyone has had resent sucess with the later versions of Blackboard Academic Suite. I haven't been able to probe for an exact versoin #, but my guess is that it is a recent version. I have seen the posts on this site about CSS, but my guess is they won't work for this client. Any suggestions , or links to exploits in the wild?

Thanks,
Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


_________________________________________________________________
Be seen and heard with Windows Live Messenger and Microsoft LifeCams http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://www.microsoft.com/hardware/digitalcommunication/default.mspx?locale=en-us&source=hmtagline


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]