XimeraProject/server

Vulnerable bypass put access causes misfunctional grading

Opened this issue · 0 comments

Disclaimers!

The original intention of this article is to remind and inform readers of the vulnerabilities and security problems in the system. If others take advantage of these vulnerabilities, these hacking acts will have nothing to do with this post, and the perpetrators who threaten the school's network security must be dealt with according to school regulations.

Details:

By resending the XHR packages "gradebook" and the title of the homework+Guided (e.g. in "Homework: Integration By Parts" there is an XHR titled "IntegrationByPartsGuided"), Carmen Canvas will receive a false score that is updated on the student page, without any questions actually being answered.
