exploit the possibilities

webctxss.txt

webctxss.txt
Posted May 18, 2004
Authored by spiffomatic64

WebCT is susceptible to cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 793da5337c66e4626ad0ae969206ede5

webctxss.txt

Change Mirror Download
Vendor : WEBCT
URL : http://webct.com/
Version : WebCT Campus Edition
Risk : Cross site scripting

Description: WebCT is the world's leading provider of e-learning systems for
educational institutions.

WebCT's vision is to deliver innovative e-learning solutions to help
institutions improve educational outcomes for students around the world.

WebCT is a trusted industry leader in providing e-learning systems for
educational institutions. Thousands of institutions in more than 70
countries worldwide are expanding the boundaries of teaching and learning
with WebCT.


Cross site scripting: The filtering script for the discussion board doesnt
filter iframe, img, or object. All of which can take advantage of xss and
because of the way my schoo was setup this lead to full access to their
email, and account information.

Solution: The easiest way would be to just disallow iframe,img,and object
tags or html tags at all.

Credits: Credits goto http://hackthissite.org. It provided a nice, open,
legal environment for me to try new things and learn from those who know. A
place where you are not reprimanded even if u deface a page or two. A place
where I started with no knowledge and in less than a year found new
vulnerabilities of my own. Thank you http://hackthissite.org. Lab rats: The
Nick's, Shrinidhi, Charbel and most importantly to Halley, you give me the
strength and courage to do all that I do, without you I am nothing. Thank
you sweetheart.

Exploit: This is exploited using iframe,img, or object tags to redirect you
to a maliscious site.

Spiffomatic64
Hacking is an art-form


--Look out for the winking man...
http://spiffomatic64.com

_________________________________________________________________
Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage!
http://join.msn.click-url.com/go/onm00200362ave/direct/01/

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close