[HSC] eCollege Chat exploit
HSC Research Group - Advisories
Written by Hackers Center   
Saturday, 19 November 2005 01:26
eCollege is an online learning tool for colleges that allows students to upload homework, view grades, chat, and use a discussion forum for class activities, as well as a host of other functions. The function I will be focusing on is the chat rooms. You can easily change the name you chat under to any name you wish, even the names of instructors.

The name you chat under is hardcoded into the link to the Java client, so a normal link would look like this:

http://online.school.edu/Shared/Portal/ocl/JavalightFrame.learn?sys=StudentUnion&EditFunction=Chat&smPlatform=WinIE&TypeCode=SU&MembershipType=&NuggetInstance_PK=1999&NuggetGUID={272DF596-379A-4D5C-9C93-CB5E3EDF425A}&Step=EnterChatRoom&RoomID=46&UserName=l33thacker&RoomName=Student+Union

The key part of the URL you need to edit is "UserName". In the URL above it is l33thacker; you can change it to whatever you want. Using this method, users can also be cloned.
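A log review for the condition described above, as an added example that is not part of the original advisory or of eCollege's code: it flags chat-room entries whose UserName parameter differs from the account that made the request. It assumes each log record pairs the request URL with the authenticated account name and that the chat name is expected to equal that account name; the sample records, account names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample records: (authenticated account, requested URL).
# The account column is an assumption: it stands for whatever identity the
# server's own login session holds, which the advisory does not describe.
BASE = ("http://online.school.edu/Shared/Portal/ocl/JavalightFrame.learn"
        "?sys=StudentUnion&EditFunction=Chat&Step=EnterChatRoom")
SAMPLE_LOG = [
    ("jsmith", BASE + "&RoomID=46&UserName=jsmith&RoomName=Student+Union"),
    ("jsmith", BASE + "&RoomID=46&UserName=Prof.+Jones&RoomName=Student+Union"),
    ("adoe", BASE + "&RoomID=46&UserName=ADoe&RoomName=Student+Union"),
    ("bnguyen", BASE + "&RoomID=12&UserName=adoe+&RoomName=Lab"),
    ("adoe", BASE.replace("EnterChatRoom", "ListRooms") + "&UserName=x"),
]


def normalize(name):
    """Case-fold and collapse whitespace so 'ADoe' and 'adoe ' compare equal."""
    return " ".join(name.split()).casefold()


def find_name_mismatches(records):
    """Return (account, claimed_name, room_id) for each chat entry whose
    UserName parameter does not match the authenticated account."""
    findings = []
    for account, url in records:
        params = parse_qs(urlsplit(url).query, keep_blank_values=True)
        if params.get("Step", [""])[-1] != "EnterChatRoom":
            continue  # only the chat-room entry step carries the chat name
        # A repeated or missing UserName is also reported: check every value.
        for claimed in params.get("UserName", [""]):
            if normalize(claimed) != normalize(account):
                room = params.get("RoomID", ["?"])[-1]
                findings.append((account, claimed, room))
    return findings


if __name__ == "__main__":
    for account, claimed, room in find_name_mismatches(SAMPLE_LOG):
        print(f"account {account!r} entered room {room} as {claimed!r}")
```

The same comparison applied at request time is the server-side remedy: take the chat name from the authenticated session and ignore the UserName value sent by the client.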

All versions of the eCollege suite are affected.
No fix for this flaw has been posted by eCollege.
eCollege website: www.ecollege.com
 
