WebCT Campus Edition HTML Injection Vulnerability
BID:9999
Info
WebCT Campus Edition HTML Injection Vulnerability
| Bugtraq ID: | 9999 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery is credited to Simon Boulet <[email protected]>. |
| Vulnerable: |
WebCT WebCT Campus Edition 4.1.1 .5 WebCT WebCT Campus Edition 4.1 WebCT WebCT Campus Edition 4.0 WebCT WebCT Campus Edition 3.8.4 WebCT WebCT Campus Edition 3.8 |
| Not Vulnerable: |
WebCT WebCT Campus Edition 4.1 SP2 Hotfix 40832 WebCT WebCT Campus Edition 4.0 SP3 Hotfix 40833 WebCT WebCT Campus Edition 3.8.4 Hotfix 8 |
Discussion
Exploit / POC
WebCT Campus Edition HTML Injection Vulnerability
No exploit is required.
The following proof of concept has been provided:
<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>
No exploit is required.
The following proof of concept has been provided:
<style type="text/css">
@import url(javascript:alert(document.cookie));
</style>
Solution / Fix
WebCT Campus Edition HTML Injection Vulnerability
Solution:
The vendor has released WebCT CE 4.1 SP2 Hotfix 40832, WebCT CE 4.0 SP3 Hotfix 40833 and WebCT CE 3.8.4 Hotfix 8 to address this issue.
WebCT WebCT Campus Edition 3.8
WebCT WebCT Campus Edition 3.8.4
WebCT WebCT Campus Edition 4.0
WebCT WebCT Campus Edition 4.1
WebCT WebCT Campus Edition 4.1.1 .5
Solution:
The vendor has released WebCT CE 4.1 SP2 Hotfix 40832, WebCT CE 4.0 SP3 Hotfix 40833 and WebCT CE 3.8.4 Hotfix 8 to address this issue.
WebCT WebCT Campus Edition 3.8
-
WebCT CE 3.8.4 Hotfix 8
http://download.webct.com/ce+/3.8/hotfixes/384_hotfix_rel_notes.html
WebCT WebCT Campus Edition 3.8.4
-
WebCT CE 3.8.4 Hotfix 8
http://download.webct.com/ce+/3.8/hotfixes/384_hotfix_rel_notes.html
WebCT WebCT Campus Edition 4.0
-
WebCT CE 4.0 SP3 Hotfix 40833
http://download.webct.com/ce+/4.0/hotfixes/40sp3_hotfix_rel_notes.html
WebCT WebCT Campus Edition 4.1
-
WebCT CE 4.1 SP2 Hotfix 40832
http://download.webct.com/ce+/4.1/hotfixes/41sp2_hotfix_rel_notes.html
WebCT WebCT Campus Edition 4.1.1 .5
-
WebCT CE 4.1 SP2 Hotfix 40832
http://download.webct.com/ce+/4.1/hotfixes/41sp2_hotfix_rel_notes.html
References
WebCT Campus Edition HTML Injection Vulnerability
References:
References:
- WebCT Homepage (WebCT)
- WebCT Campus Edition 4.1 - Cross site scripting using CSS @import (Simon Boulet
)