Exploit WebCT Campus Edition 3.8/4.x - HTML Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23893
Проверка EDB
  1. Пройдено
Автор
SIMON BOULET
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2004-1872
Дата публикации
2004-03-29
Код:
source: https://www.securityfocus.com/bid/9999/info

It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue. 

<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>
 
Источник
www.exploit-db.com

Похожие темы