BugTraq
Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 Jul 27 2008 10:03AM
supportrup gmail com
-######### [Saved] - [27-07-2008/13:10:02]

# .: Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02

# .: [Author] CSDT

# .: [Affected versions] http://www.webwizguide.com/ - Web Wiz Rich Text Editor (RTE) 4.02

# .: [Credit] The disclosure of these issues has been credited to autehoker of CSDT

# ÷_______________________________________________________________________
______________________?

# .: [Script Description]

# (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in

# Web Wiz Rich Text Editor (RTE) 4.02 and earlier, and 3.x versions, allow remote attackers

# to inject arbitrary web scripting. This flaw exists because the application does not validate

# the Link Type ( "Email" ) variables upon submission to the RTE_popup_link.asp script.

# This could allow a user to create a specially craftedURL that would execute arbitrary code

# in a user's browser within the trust relationship between the browser and the server,

# leading to a loss of integrity.

# ÷_______________________________________________________________________
______________________?

# .: [Classification]

# Attack Type: Input Manipulation

# Impact: Loss of Integrity

# Fix: N/A Public release vulnz: {27-07-2008 Sun}

# Class Input Validation Error

# ÷_______________________________________________________________________
______________________?

# .: [Solution]

# Upgrade to version 4.03 or higher, as it has been reported to fix this vulnerability.

# An upgrade is required as there are no known workarounds.

# Actual Version: Web Wiz Rich Text Editor (RTE) 4.02

# ÷_______________________________________________________________________
______________________?

# .: [References]

# Original Advisory http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txt

# Related Depo2 BugTracker: http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txt

# ÷_______________________________________________________________________
______________________?

# .: [Manual Testing Notes]

# ÷

# Web Wiz Rich Text Editor version 4.02 // RTE_popup_link.asp

#

# function initialise(){

# var selectedRange = window.opener.document.getElementById('WebWizRTE').contentWindow.window.
getSelection().toString();

# //Use editor selected range to fill text boxes

# if (selectedRange != undefined){

# document.getElementById('URL').value = selectedRange

# document.getElementById('email').value = selectedRange

# }

# ÷

# Select Link Type: Email - {Email value not filtered}

# ¤ span id="mailLink"

# ¤ input name="email" onfocus="document.forms.frmLinkInsrt.Submit.disabled=false;

# //Line 65 post back If Request.Form("URL") <> "" OR Request.Form("email") <> "" AND Request.Form("postBack") Then

# ÷

# ÷_______________________________________________________________________
______________________?

# .: [Script Download] {Free lisans: http://www.webwizguide.com/download/download.asp?DL=rte}

# .: [XSS] U-Code %3C/textarea%3E'%22%3E%3Cscript%3Ealert('document.cookie')%3C/script%3E

# .: [XSS] N-Code </textarea>'"><script>alert(document.cookie)</script> {XSSing.Com - XSS CHEATS Auth. Depo2}

# .: [ScreenShot] http://depo2.co.cc/WebWiz_Rich_Text_Editor_v4.02_XSS.jpg

# .: [Demo] http://www.webwizguide.com/webwizrichtexteditor/demo/RTE_popup_link.asp

# ÷_______________________________________________________________________
______________________?

# .: [Greetings]

# ÷

# .:[shoutz] L0cKed, Elrohir, xo7, Th3.Azad, Depo2, The_keSsk!N, MadNet, hayalperest, K4R4B3L4

# ÷ ankuN, row3r, LekHe, M3M4T!, Dr.ExPERT, MuR@T, Bigboss, EjDeRx7, Arslan Yabgu, türk_üz, by.s.s,

# makmanaman, İsimsizCod3r, hackerali, **De-PreaM**, DarKWorM, Brian, |_GeCCe_|, BİXİi , EkBeR-I DeRYa

# ÷

# .: [SS] CSDT- Atabeyler TIM - Atabeyler.Org

-########_______________________________________________________________
________________________ ####

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus