Disclosure: IntraLearn 2.1 Multiple Vulnerabilities


1) Cross-site Scripting (XSS)

URL Variables
/library/description_link.cfm outline, course
/library/courses_catalog.cfm records_to_display, the_start

2) Login Information Cached In Memory

The login POST requests for the IntraLearn returns a 200 OK HTTP response code. As long as the browser window is not closed, it is possible for someone to use the browsers “Back” button until the page after the login page is reached. At this point, the browser will prompt the user to re-post the data to the server. This
data, the username and password, is pulled from memory and resubmitted to the server. The user will then be authenticated to the IntraLearn application.

3) IntraLearn Physical Path Disclosure

Several pages of the IntraLearn web application disclose the physical path of the software installation. By making a direct request to one of several pages, the application wll cause an error message that discloses the information.


2008-02-17 support@intralearn.com contacted
2008-02-21 reply from P.D. @intralearn received; 2.1 is outdated, up to 4.2.3 or 5.1 (soon) to fix
2008-03-15 disclosed

Leave a Reply

%d bloggers like this: