HSC Research Group - Advisories
Written by Hackers Center
Thursday, 10 November 2005 06:08
eCollege is an online learning tool for colleges that allows students to upload homework, view grades, chat, and use a discussion forum for class activities, as well as a host of other functions. The function I will be focusing on is the discussion forum. You can easily change the name under which you post to any ID you wish, even the instructor's. Your ID is hard-coded into the HTML of the posting page as part of the forum, so if the server allows off-site linking to the script, you can copy the source, edit the appropriate fields and post, or use JavaScript injections and hand-crafted addresses.
All versions of the eCollege suite are affected. No fix for this flaw has been posted by eCollege. eCollege website: www.ecollege.com
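The root cause described above is a server that trusts an author ID sent back from the posting page. The following added example (not eCollege code and not part of the original advisory) models that handler beside a hardened one that takes the author from the server-side session and rejects off-site submissions; the session store, field names and origin are assumptions made for illustration.

```python
# Added illustration: a minimal model of a forum post handler, not eCollege code.
# All names (SESSIONS, handle_post_*, field names) are hypothetical.
from urllib.parse import urlsplit

# Constructed session store: session token -> authenticated user ID.
SESSIONS = {"tok-student": "student42", "tok-instructor": "prof_smith"}
TRUSTED_ORIGIN = "https://courses.example.edu"  # placeholder site origin


def handle_post_vulnerable(cookies, headers, form):
    """Trusts the author ID echoed back from a field in the posting page."""
    if cookies.get("session") not in SESSIONS:
        return {"status": 401}
    # Flaw: the displayed author is whatever the client submitted.
    return {"status": 200, "author": form["author_id"], "body": form["body"]}


def handle_post_hardened(cookies, headers, form):
    """Derives the author from the server-side session and rejects
    submissions whose Origin is not the application's own."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return {"status": 401}
    origin = urlsplit(headers.get("Origin", ""))
    if f"{origin.scheme}://{origin.netloc}" != TRUSTED_ORIGIN:
        return {"status": 403}
    # Any client-supplied author_id is ignored; a mismatch is worth logging.
    mismatch = form.get("author_id") not in (None, user)
    return {"status": 200, "author": user, "body": form["body"],
            "flag_for_review": mismatch}


def demo():
    """Run one constructed request through both handlers."""
    cookies = {"session": "tok-student"}
    headers = {"Origin": TRUSTED_ORIGIN}
    form = {"author_id": "prof_smith", "body": "Class is cancelled."}
    return (handle_post_vulnerable(cookies, headers, form),
            handle_post_hardened(cookies, headers, form))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `flag_for_review` value gives administrators a signal to audit: a submitted author ID that differs from the session's user indicates a tampered form.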