Full Disclosure mailing list archives

Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)

From: nukedx () nukedx com
Date: Mon, 09 Jan 2006 21:39:42 -0600

--Security Report--
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
---
Date: 08/01/06 07:19 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx () nukedx com
Web: http://www.nukedx.com
}

---
About: Via this method the WebWiz Forums <= 6.34 are being subjected to an
attack namely XSS attack a.k.a "Cross Site Scripting".The attacker, with the

help of user clicking to the exploited, is able to inject a code withthe link.


Example &
How:http://[site]/[webwizdir]/search_form.asp?ReturnPage=Search&search=XSS&searchMode=allwords&searchIn=Topic&forum=0&searchSort=dateDESC&SearchPagePosition=1

Solution: This vulnerability has been fixed WebWiz products >= 7.01

Regards,
From the NWPX team,
nuker a.k.a nukedx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Advisory: XSS attack on Superonline.com email service. nukedx (Jan 02)
- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) nukedx (Jan 09)
  - Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability nukedx (Jan 12)