- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21588
- Проверка EDB
-
- Пройдено
- Автор
- BEREND-JAN WEVER
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2002-1007
- Дата публикации
- 2002-07-01
Код:
source: https://www.securityfocus.com/bid/5137/info
Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters.
Attackers may exploit this condition via a malicious link to a site running the vulnerable software. Successful exploitation will enable an attacker to cause script code to be executed in the web browser of a user who visits the malicious link.
It has been reported that there other instances where Blackboard fails to sanitize arbitrary HTML and script code.
http://target/bin/login.pl?course_id="><SCRIPT>alert()</SCRIPT>- Источник
- www.exploit-db.com
