Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13597
HistoryJul 24, 2006 - 12:00 a.m.

Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability

2006-07-2400:00:00
vulners.com
29
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I. Affected Software

Blackboard Academic Suite 6.2.3.23
Prior or newer versions may also be affected.
Vendor website: http://www.blackboard.com/

II. Impact

Subjective: Severe
Objective: Privilege escalation

III. Vulnerability

There is a persistent/stored/second-order cross-site scripting
vulnerability within the testing functionality of Blackboard
Academic Suite 6.2.23. The vulnerability can be used by attackers
who have unprivileged user accounts to escalate their privileges
within one or more Blackboard courses, or, with luck, gain system-
wide Blackboard administrative privileges. Privilege escalation is
possible by using the vulnerability to steal "session_id" cookies
from users whose accounts have higher privileges than the
attacker's account. An additional attack opportunity may exist if
an attacker has identified a remotely-exploitable vulnerability in
the javascript interpreter of the target user's web browser.

Blackboard Academic Suite 6.2.23 attempts to defend against this
vulnerability by using client-side javascript to remove any
javascript code entered into test questions. Trusting the client
to validate input is a bad idea. In this case, the attacker can
defeat the validation routine by simply disabling javascript in
his/her web browser.

To exploit the vulnerability when using Mozilla Firefox to access a
Blackboard Academic Suite 6.2.3.23 system:

  1. As a user with the course instructor role, create a test in any
    course and add an essay question to the test. Deploy the test in a
    course area that is available to students in the course.

  2. Login to the course as a user who has the student role in the
    course selected for step 1. Access the course; you should now see
    the course's entry point page.

  3. Turn off javascript in Firefox.

  4. Navigate to and click the link for the test created in step 1.
    Begin the test.

  5. The essay question created in step 1 should appear. Click the
    "HTML" radio button below the question's response box. Enter
    javascript code into the response box. Submit the test attempt.

  6. Logout.

  7. Turn on javascript in Firefox.

  8. Login as the course instructor.

  9. Access the course selected in step one. In the course's control
    panel, click "Gradebook", then click the name of the test created
    in step one, and then click "View Attempt Details".

  10. Find that the javascript code entered in step 5 is executed in
    the target’s browser in the security context of the Blackboard
    website being accessed.

IV. Solution

There is no known solution at this time.

V. Timetable

The vendor has been aware of this vulnerability for at least two
and one-half months.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkS/z58ACgkQPVniVs9rtmDMFwP/dG9UCjoxsJFxuFA2LBuLKZqNz4wZ
pJFJwXwu2gGsnDXtaN8/2iRZil5570T5u3lCfO7rFjYo/I/bHgnAGgZr3xAcd3VZYZ9Y
UHpUtc8oCwJ0CtFTGQx8nqRFBlM5whivmhqvf+CExaqNQnCF/J3c3dOG0tQn9tMhPVxI
WfWiN94=
=3xkv
-----END PGP SIGNATURE-----

Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

JSON