RE: BlackBoard Academic Suite ?

From: M. Shirk (shirkdog_list@hotmail.com)
Date: Thu Sep 28 2006 - 20:03:02 EDT

• Next message: 09sparky@gmail.com: "Re: BlackBoard Academic Suite ?"
• Previous message: Mark Mcdonald: "RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning)"
• In reply to: 09sparky@gmail.com: "BlackBoard Academic Suite ?"
• Next in thread: C. Hamby: "Re: BlackBoard Academic Suite ?"
• Reply: C. Hamby: "Re: BlackBoard Academic Suite ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just run the gullet as you would for any Web Application test.

Just poking around, there is at least some forms of XSS in some of the file
name fields when you would be uploading a file.

Hope that helps, as I was a user of the software, not a pen-tester :-)

Shirkdog
http://www.shirkdog.us

>From: 09sparky@gmail.com
>To: pen-test@securityfocus.com
>Subject: BlackBoard Academic Suite ?
>Date: 28 Sep 2006 22:07:01 -0000
>
>I will be trying to bypass Blackboard Academic Suite security for an
>upcoming Penetration Test and was wondering if anyone has had resent sucess
>with the later versions of Blackboard Academic Suite. I haven't been able
>to probe for an exact versoin #, but my guess is that it is a recent
>version. I have seen the posts on this site about CSS, but my guess is
>they won't work for this client. Any suggestions , or links to exploits in
>the wild?
>
>Thanks,
>Sparky
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>------------------------------------------------------------------------
>

_________________________________________________________________
Be seen and heard with Windows Live Messenger and Microsoft LifeCams
http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://www.microsoft.com/hardware/digitalcommunication/default.mspx?locale=en-us&source=hmtagline

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: 09sparky@gmail.com: "Re: BlackBoard Academic Suite ?"
• Previous message: Mark Mcdonald: "RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning)"
• In reply to: 09sparky@gmail.com: "BlackBoard Academic Suite ?"
• Next in thread: C. Hamby: "Re: BlackBoard Academic Suite ?"
• Reply: C. Hamby: "Re: BlackBoard Academic Suite ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:03 EDT