Finding Blackboard Security Issues

Asphyxia

Owner
Administrator
Apr 25, 2015
Blackboard is a popular LMS (Learning Management System). Their software is proprietary and runs via JSP, or JavaServer Pages.

I have begun looking at their security and believe there may be several weaknesses within Blackboard. If anyone would like to help explore security issues, please join.

Notice the display of SYSTEM at the top
https://blackboard.towson.edu/webap...d=_1_1&newWindow=true&openInParentWindow=true
https://blackboard.towson.edu/webapps/blackboard/content/launchLink.jsp?course_id=_1_1

https://blackboard.towson.edu/webap...id=_-11_1&tool_type=TOOL&mode=view&mode=reset
Code:
blackboard.persist.PersistenceException: Unable to generate id. The provided key value is invalid (datatype: "blackboard.data.navigation.NavigationItem", value: "_-11_1") Unable to parse provided PkId string [_-11_1].
For reference, the Error ID is 53afad58-bba2-430e-b46d-3097fa2d4194.
Tuesday, January 31, 2017 12:45:34 AM EST

Code:
Critical Internal Error encountered while trying to render error page. If this problem persists please contact your System Administrator.
https://blackboard.towson.edu/webapps/blackboard/execute/courseMain?course_id=_1_1&task[]=false

https://blackboard.towson.edu/webapps/calendar/viewPersonal#

https://blackboard.towson.edu/webap...ps/searchwidgets/user/frameset.jsp?course_id=
Code:
java.lang.IllegalStateException: JspResourceIncludeUtil is disabled - Check: 
a) that this JSP has a top-level page tag, 
b) that this JSP doesn't have more than one top-level page tag, 
c) that a tag which uses this util is not used outside of the page-level tag.
For reference, the Error ID is 63a7aede-6f8a-4449-b8a3-c91c9996705b.
Tuesday, January 31, 2017 12:56:30 AM EST

https://blackboard.towson.edu/webap...s/configureUserGeneralSettings?action=display

https://blackboard.towson.edu/webap...ay&contextType=COURSE&enrollmentType=students

https://blackboard.towson.edu/webap...contextType=COURSE&enrollmentType=instructors

https://blackboard.towson.edu/webapps/xythoswfs/execute/resourcePicker/upload#

https://blackboard.towson.edu/webap...&course_id=_1_1&report_type=course.statistics

https://blackboard.towson.edu/webap...myGrades?course_id=_1_1&stream_name=mygrades#

https://blackboard.towson.edu/webap..._1_1&discussionboard_Id=_1_1&message_id=_1_1#

https://blackboard.towson.edu/webap...iew&streamName=stream&globalNavigation=false#