Re: BlackBoard Academic Suite ?

From: C. Hamby (fixer@gci.net)
Date: Fri Sep 29 2006 - 09:44:17 EDT


They fixed that XSS last year, so it only works on older versions (you'd
have to be about two patch cycles back, if I remember right).

-cdh

M. Shirk wrote:
> Just run the gullet as you would for any Web Application test.
>
> Just poking around, there are at least some forms of XSS in some of the
> file name fields when you would be uploading a file.
>
> Hope that helps, as I was a user of the software, not a pen-tester :-)
>
> Shirkdog
> http://www.shirkdog.us
>
>
>
>
>> From: 09sparky@gmail.com
>> To: pen-test@securityfocus.com
>> Subject: BlackBoard Academic Suite ?
>> Date: 28 Sep 2006 22:07:01 -0000
>>
>> I will be trying to bypass Blackboard Academic Suite security for an
>> upcoming Penetration Test and was wondering if anyone has had recent
>> success with the later versions of Blackboard Academic Suite. I
>> haven't been able to probe for an exact version #, but my guess is
>> that it is a recent version. I have seen the posts on this site about
>> CSS, but my guess is they won't work for this client. Any suggestions,
>> or links to exploits in the wild?
>>
>> Thanks,
>> Sparky
>>
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>>
>> ------------------------------------------------------------------------
>>
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:03 EDT