projects and works


Mel with Snowstorm: An example of what can be performed with the attack - adding snowstorm.js to a page. This is a relatively harmless example, but it shows that an attacker's JavaScript can be executed on that page, which means that pretty much anything can be done.

Blackboard is a company that, in their own words, started out with a unique idea - if we are not learning something new everyday, we are not moving forward. They offer a number of education portals, such as Blackboard Learn, which students and teachers use to share materials, access quizzes (both practice and graded), and submit assignments. Blackboard Learn is fairly widely used software, deployed by many schools, including Ngee Ann Poly, Singapore Poly, and a number of universities.
It is also vulnerable to specific attacks that can cause damage, should an attacker wish to do so. The main page itself, shown when anybody logs in, is vulnerable enough that malicious scripts from an attack can be executed on it. This allows the attacker to fake anything in the page, including claiming that the victim's password needs to be changed, or blanking out the page. Worse still, the attack also allows the attacker to upload a page onto Blackboard Learn. This page is served from the same domain as Blackboard Learn, which means that if a phishing page were created this way, not only would it look legitimate, it would have the same domain, the same certificate, the same green lock, AND the non-domain part of the URL can easily be changed through JavaScript to look as if the victim is on a login page. This makes it very hard for a person to detect that they are being phished. There are even further vulnerabilities that allow it to act like a worm - spreading by itself without an attacker's input!
Along with 2 other friends, we developed a suite of attacks that can be easily used on anyone, making use of all the vulnerabilities listed above, then reported it to Ngee Ann Poly's teachers.

Unfortunately, I am currently under a Non-Disclosure Agreement (NDA), and thus cannot reveal much of the details to the public until the vulnerability has been patched, which is why this description is so vague. Stay tuned for details!