IntraLearn 2.1 Multiple Vulnerabilities


http://www.intralearn.com/
   
   
1) Cross-site Scripting (XSS)

URL                             Variables
/library/description_link.cfm   outline, course
/library/courses_catalog.cfm    records_to_display, the_start

2) Login Information Cached In Memory 

The login POST requests for the IntraLearn returns a 200 OK HTTP response code. As 
long as the browser window is not closed, it is possible for someone to use the 
browsers "Back" button until the page after the login page is reached. At this 
point, the browser will prompt the user to re-post the data to the server. This 
data, the username and password, is pulled from memory and resubmitted to the 
server. The user will then be authenticated to the IntraLearn application.

3) IntraLearn Physical Path Disclosure 

Several pages of the IntraLearn web application disclose the physical path of the 
software installation. By making a direct request to one of several pages, the 
application wll cause an error message that discloses the information.

/help/1/Instructor/Knowledge_Impact_Course.htm                   
/help/1/Instructor/LRN-formatted_Course.htm                      
/help/1/Instructor/Create_Course.htm                   


2008-02-17 support@intralearn.com contacted
2008-02-21 reply from P.D. @intralearn received; 2.1 is outdated, up to 4.2.3 or 5.1 (soon) to fix
2008-03-15 disclosed


Jericho
attrition.org