In-Reply-To: <6520144396.20031113223723@hex.net.ru>

HEX has submitted incorrect information on Web Wiz Forums (again!!!).

The values of the variables mentioned by HEX are filtered further on in the code.

The file register_new_user.asp is not a file that exists in Web Wiz Forums version 7.01 or above.

The only variable that was not filtered correctly was the Location field, which is populated by a drop-down box. From March 2003 the location variable was changed to filter the location field.

This does not affect versions of Web Wiz Forums from 7.5 and above.

>
>Information :
>°°°°°°°°°°°°
>Language : ASP
>Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
>Website : http://www.webwizforums.com
>Problems : Permanent XSS
>
>
>Objects :
>°°°°°°°
>- register_new_user.asp
>- register.asp
>
>The variable values are not filtered:
>
>strLocation = Request.Form("location")
>strMessage = Request.Form("signature")
>strPassword = Request.Form("password")
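
The drop-down case discussed in this thread, as an added example that is not part of either message and is not Web Wiz Forums code: a value posted for a `<select>` field is still client-supplied, so the server checks it against the options it offered and encodes every field on output. The option list, function names and sample inputs are assumptions constructed for illustration; the script is written to run under cscript.exe.

```vbscript
Option Explicit

' Constructed option list; the forum's real location list is not shown on the page.
Dim allowedLocations
allowedLocations = Array("Not Given", "France", "Russia", "United Kingdom")

' True only if value is exactly one of the options the server offered.
Function IsAllowedOption(ByVal value, ByVal options)
    Dim i
    IsAllowedOption = False
    For i = LBound(options) To UBound(options)
        If StrComp(value, options(i), vbBinaryCompare) = 0 Then
            IsAllowedOption = True
            Exit Function
        End If
    Next
End Function

' Minimal HTML encoder so the file runs outside IIS;
' inside an ASP page Server.HTMLEncode does this job.
Function HtmlEncode(ByVal text)
    text = Replace(text, "&", "&amp;")
    text = Replace(text, "<", "&lt;")
    text = Replace(text, ">", "&gt;")
    text = Replace(text, """", "&quot;")
    text = Replace(text, "'", "&#39;")
    HtmlEncode = text
End Function

' Validate on input: anything outside the list falls back to a default.
Function CleanLocation(ByVal posted)
    If IsAllowedOption(posted, allowedLocations) Then
        CleanLocation = posted
    Else
        CleanLocation = "Not Given"
    End If
End Function

' Encode on output: free-text fields such as the signature cannot be allowlisted.
Function RenderProfileRow(ByVal location, ByVal signature)
    RenderProfileRow = "<td>" & HtmlEncode(CleanLocation(location)) & "</td>" & _
                       "<td>" & HtmlEncode(signature) & "</td>"
End Function

' Constructed inputs: a genuine option, then a value that was never in the list.
WScript.Echo RenderProfileRow("France", "Regards, <b>Bob</b>")
WScript.Echo RenderProfileRow("<i>not an option</i>", "plain text")
```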