RE: BlackBoard Academic Suite ?

---

• From: "M. Shirk" <shirkdog_list@xxxxxxxxxxx>
• Date: Thu, 28 Sep 2006 20:03:02 -0400

---

Just run the gullet as you would for any Web Application test.

Just poking around, there is at least some forms of XSS in some of the file name fields when you would be uploading a file.

Hope that helps, as I was a user of the software, not a pen-tester :-)

Shirkdog
http://www.shirkdog.us

From: 09sparky@xxxxxxxxx
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: BlackBoard Academic Suite ?
Date: 28 Sep 2006 22:07:01 -0000

I will be trying to bypass Blackboard Academic Suite security for an upcoming Penetration Test and was wondering if anyone has had resent sucess with the later versions of Blackboard Academic Suite. I haven't been able to probe for an exact versoin #, but my guess is that it is a recent version. I have seen the posts on this site about CSS, but my guess is they won't work for this client. Any suggestions , or links to exploits in the wild?

Thanks,
Sparky

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

_________________________________________________________________
Be seen and heard with Windows Live Messenger and Microsoft LifeCams http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http://www.microsoft.com/hardware/digitalcommunication/default.mspx?locale=en-us&source=hmtagline


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: BlackBoard Academic Suite ?
    • From: C. Hamby

• References:
  • BlackBoard Academic Suite ?
    • From: 09sparky

• Prev by Date: RE: XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning)
• Next by Date: Re: BlackBoard Academic Suite ?
• Previous by thread: BlackBoard Academic Suite ?
• Next by thread: Re: BlackBoard Academic Suite ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Boot floppy ... Root kit and other things? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test) RE: Informing Companies about security vulnerabilities... ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test) RE: Boot floppy ... I assume you're not in a domain, so you don't have admin privs on the ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test) Re: Boot floppy ... and the user's own manager won't reign them in, ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... (Pen-Test) RE: Old @Stake Tools ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ... ting ding ting ding ting ding ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2006-09