WebCT 4.1 vulnerable to XSS attacks


Date: 11 Apr 2005 18:33:51 -0000
From: <lacertosum@yahoo.com.>
To: [email protected]
Subject: WebCT 4.1 vulnerable to XSS attacks
X-Virus-Scanned: antivirus-gw at tyumen.ru



The discussion board feature of WebCT is vulnerable to XSS.

Here is the proof of concept:
When you are composing a new message, in the message field of the form, type this:

</pre><table background=java&#x09;script:alert("XSS Warning")>
</table>

Then submit the message. You should see a JavaScript alert box that says "XSS Warning" when you view your message. It is also possible to redirect users that view the message to an outside page (I did this on my college's WebCT board). Obviously, a malicious person could exploit this to steal WebCT's cookies and possibly compromise user accounts.

The redirect exploit is simple enough:
</pre><table background=java&#x09;script:location.replace("URL")>
</table>
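
The following is an added defensive example, not part of the original post and not WebCT code. It shows why a filter that looks for the literal string "javascript:" misses the `&#x09;` form used above, and how decoding character references before an allow-list scheme check, plus escaping the message body on output, handles both parts of the proof of concept. The function names and the allowed-scheme list are assumptions made for the example.

```python
import html
import re

# Assumption for this example: only these schemes may appear in URL attributes.
ALLOWED_SCHEMES = {"http", "https"}

# C0 control characters, space and DEL. Browsers drop tab and newline when
# parsing a URL; stripping the whole range is the conservative choice.
_IGNORED = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def naive_is_safe(value: str) -> bool:
    """Weak check: looks for the literal scheme in the raw attribute text."""
    return "javascript:" not in value.lower()


def url_attr_is_safe(value: str) -> bool:
    """Decode character references and drop ignored characters, then
    allow only relative URLs or an allow-listed scheme."""
    decoded = html.unescape(value)
    collapsed = _IGNORED.sub("", decoded).lower()
    match = _SCHEME.match(collapsed)
    if match is None:
        return True  # no scheme: treated as a relative URL
    return match.group(1) in ALLOWED_SCHEMES


def render_message(body: str) -> str:
    """Escape the message body on output so "</pre>" in it stays text."""
    return "<pre>" + html.escape(body, quote=True) + "</pre>"


# Attribute value and message body taken from the proof of concept above.
POC_ATTR = 'java&#x09;script:alert("XSS Warning")'
POC_BODY = "</pre><table background=" + POC_ATTR + ">\n</table>"

if __name__ == "__main__":
    print("naive filter accepts PoC:", naive_is_safe(POC_ATTR))
    print("normalizing check accepts PoC:", url_attr_is_safe(POC_ATTR))
    print(render_message(POC_BODY))
```
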

