[38317] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

WebCT 4.1 vulnerable to XSS attacks

daemon@ATHENA.MIT.EDU (lacertosum@yahoo.com)
Tue Apr 12 10:39:44 2005

Date: 11 Apr 2005 18:33:51 -0000
Message-ID: <20050411183351.30807.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <lacertosum@yahoo.com>
To: bugtraq@securityfocus.com

The discussion board feature of WebCT is vulnerable to XSS.

Here is the proof of concept:
When you are composing a new message, in the message field of the form, type this:

</pre><table background=java&#x09;script:alert("XSS Warning")>
</table>

Then submit the message. You should see a JavaScript alert box that says "XSS Warning" when you wiew your message. It is also possible to redirect users that view the message to an outside page (I did this on my college's WebCT board). Obviously, a malicious person could exploit this to steal WebCT's cookies and possibly compromise user accounts. 

The redirect exploit is simple enough:
</pre><table background=java&#x09;script:location.replace("URL")>
</table>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38317] in bugtraq

WebCT 4.1 vulnerable to XSS attacks

daemon@ATHENA.MIT.EDU (lacertosum@yahoo.com)Tue Apr 12 10:39:44 2005

daemon@ATHENA.MIT.EDU (lacertosum@yahoo.com)
Tue Apr 12 10:39:44 2005