Full Disclosure mailing list archives
WebCT: XSS vulnerability
From: "spiffomatic 64" <spiffomatic64 () hotmail com>
Date: Tue, 18 May 2004 10:40:28 -0500
Vendor : WEBCT URL : http://webct.com/ Version : WebCT Campus Edition Version 4.1 Risk : Cross site scriptingDescription: WebCT is the world's leading provider of e-learning systems for educational
institutions.WebCT's vision is to deliver innovative e-learning solutions to help institutions
improve educational outcomes for students around the world.WebCT is a trusted industry leader in providing e-learning systems for educational
institutions. Thousands of institutions in more than 70 countries worldwide are expanding
the boundaries of teaching and learning with WebCT.Cross site scripting: The filtering script for the discussion board doesnt filter iframe,
img, or object. All of which can take advantage of xss and because of the way my schoo was
setup this lead to full access to their email, and account information.Solution: The easiest way would be to just disallow iframe,img,and object tags or html tags
at all.Credits: Credits goto http://hackthissite.org. It provided a nice, open, legal environment
for me to try new things and learn from those who know. A place where you are not
reprimanded even if u deface a page or two. A place where I started with no knowledge and
in less than a year found new vulnerabilities of my own. Thank you http://hackthissite.org.
Lab rats: The Nick's, Shrinidhi, Charbel and most importantly to Halley, you give me the
strength and courage to do all that I do, without you I am nothing. Thank you sweetheart.
Exploit: This is exploited using iframe,img, or object tags to redirect you to a maliscious
site. Spiffomatic64 Hacking is an art-form _________________________________________________________________FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- WebCT: XSS vulnerability spiffomatic 64 (May 18)
- Is there any open source project support virtual machines Jianqiang Xin (May 19)
- Re: Is there any open source project support virtual machines Maxime Ducharme (May 19)
- Re: Is there any open source project support virtual machines p00p (May 19)
- SV: Is there any open source project support virtual machines Anders Palm (May 19)
- Re: Is there any open source project support virtual machines Rainer Duffner (May 20)
- Is there any open source project support virtual machines Jianqiang Xin (May 19)