Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability

2006.08.01
Credit: harbl hushmail com
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-3914
CWE: CWE-Other


CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I. Affected Software Blackboard Academic Suite 6.2.3.23 Prior or newer versions may also be affected. Vendor website: http://www.blackboard.com/ II. Impact Subjective: Severe Objective: Privilege escalation III. Vulnerability There is a persistent/stored/second-order cross-site scripting vulnerability within the testing functionality of Blackboard Academic Suite 6.2.23. The vulnerability can be used by attackers who have unprivileged user accounts to escalate their privileges within one or more Blackboard courses, or, with luck, gain system- wide Blackboard administrative privileges. Privilege escalation is possible by using the vulnerability to steal "session_id" cookies from users whose accounts have higher privileges than the attacker's account. An additional attack opportunity may exist if an attacker has identified a remotely-exploitable vulnerability in the javascript interpreter of the target user's web browser. Blackboard Academic Suite 6.2.23 attempts to defend against this vulnerability by using client-side javascript to remove any javascript code entered into test questions. Trusting the client to validate input is a bad idea. In this case, the attacker can defeat the validation routine by simply disabling javascript in his/her web browser. To exploit the vulnerability when using Mozilla Firefox to access a Blackboard Academic Suite 6.2.3.23 system: 1. As a user with the course instructor role, create a test in any course and add an essay question to the test. Deploy the test in a course area that is available to students in the course. 2. Login to the course as a user who has the student role in the course selected for step 1. Access the course; you should now see the course's entry point page. 3. Turn off javascript in Firefox. 4. Navigate to and click the link for the test created in step 1. Begin the test. 5. The essay question created in step 1 should appear. Click the "HTML" radio button below the question's response box. Enter javascript code into the response box. Submit the test attempt. 6. Logout. 7. Turn on javascript in Firefox. 8. Login as the course instructor. 9. Access the course selected in step one. In the course's control panel, click "Gradebook", then click the name of the test created in step one, and then click "View Attempt Details". 10. Find that the javascript code entered in step 5 is executed in the target??s browser in the security context of the Blackboard website being accessed. IV. Solution There is no known solution at this time. V. Timetable The vendor has been aware of this vulnerability for at least two and one-half months. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkS/z58ACgkQPVniVs9rtmDMFwP/dG9UCjoxsJFxuFA2LBuLKZqNz4wZ pJFJwXwu2gGsnDXtaN8/2iRZil5570T5u3lCfO7rFjYo/I/bHgnAGgZr3xAcd3VZYZ9Y UHpUtc8oCwJ0CtFTGQx8nqRFBlM5whivmhqvf+CExaqNQnCF/J3c3dOG0tQn9tMhPVxI WfWiN94= =3xkv -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top