Webs ID Cross Site Scripting
Posted Apr 16, 2015
Authored by Jing Wang

Webs ID suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | aaef7499cb1976d0bbee37571ec5fba3821d04da8aff958ec521f45274f8f211

*Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities*


Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS
(Cross-site Scripting) Security Vulnerabilities
Vendor: Webs, Inc
Product: Webs ID
Vulnerable Versions:
Tested Version:
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological
University (NTU), Singapore]
*Proposition Details:*


*(1) Vendor & Product Description:*


*Vendor:*
Webs, Inc



*Product & Vulnerable Versions:*
Webs ID



*Vendor URL & download:*
Webs ID can be obtained from here,
http://www.webs.com
http://www.webs.com/blog/2010/04/20/new-easier-way-to-manage-websid-account-settings/



*Terms of Service Overview:*
"The services offered by Webs, Inc. ("Webs" or "us" or "we" or "our")
include the websites at http://www.webs.com and http://www.freewebs.com as
well as any other related websites, toolbars, widgets, or other
distribution channels we may, from time to time, operate (collectively,
"Webs.com") and any other features, content, services or applications
offered, from time to time, by us (collectively, the "Services"). This
agreement (the "Terms of Service" or "Agreement") sets forth legally
binding terms for your use of the Services. By using the Services, you
agree to be bound by these Terms of Service, whether you are a "Website
Creator" (which means that you have registered to utilize our tools to
build a website ("Website")), a "Member" (which means that you have
registered on one of the Webs.com hosted Websites), a "Visitor" (which
means that you are visiting Webs.com or any hosted Website), or an
"Application Developer" (which means that you have been approved to build
or deploy your application or anything else that receives data (an
"Application") on Webs.com). The term "User" refers to a Visitor or a
Member or a Website Creator. By browsing or registering with, creating or
using any Website, Application or Service on Webs.com you are agreeing to
these Terms of Service, and these Terms of Service along with any other
guidelines we may post from time to time, such as our Privacy Policy and
Application Developer Terms (collectively, the "Guidelines") will govern
your use of the Services. If you do not agree to these Terms of Service or
any of the Guidelines, you must cease use of the Services."

"You represent that you are fully able and competent to enter into the
terms, conditions, obligations, representations and warranties set forth in
these Terms of Service. If you are using or creating a Website or
Application on or through Webs.com as a representative of a company or
legal entity, (i) you represent that you have the authority to enter into
this Agreement on behalf of that company or entity, and (ii) you agree that
the terms "you" and "your" in this Agreement refers to your company or
legal entity."




*(2) Vulnerability Details:*
The Webs ID web application is vulnerable to reflected cross-site scripting.
A remote attacker can craft a request that, when opened by a user, executes
arbitrary script code in that user's browser session, within the trust
relationship between the browser and the Webs ID server.

Several other 0-day vulnerabilities in Webs ID products have been found by
other bug hunters before, and Webs has patched some of them.
Gmane (pronounced "mane") is an e-mail to news gateway. It allows users to
access electronic mailing lists as if they were Usenet newsgroups, and also
through a variety of web interfaces. Gmane is an archive; it never expires
messages (unless explicitly requested by users). Gmane also supports
importing list postings made prior to a list's inclusion on the service. It
has published suggestions, advisories and solutions related to XSS
vulnerabilities.


*(2.1)* The first programming flaw occurs at the "/login.jsp?" page, in the
"&error" parameter.
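The following is an added illustration, not code from the advisory or from Webs: a hypothetical stand-in for a login page that reads an `error` query parameter and renders it into the HTML, showing the reflection pattern described in (2) and (2.1) beside two fixes (HTML output encoding, and mapping the parameter to a fixed message so nothing attacker-controlled is reflected at all). The template, the `error` values and the probe marker are constructed for this example; the `reflects_unencoded` check is the kind of regression test a defender would keep to confirm the fix holds.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed page skeleton standing in for /login.jsp; the real page is not on record here.
PAGE_TEMPLATE = (
    "<html><body><form action='/login.jsp'></form>"
    "<p class='error'>{msg}</p></body></html>"
)

# Constructed allow-list of error codes the page is willing to render.
ERROR_MESSAGES = {
    "badpw": "Incorrect username or password.",
    "locked": "Account is temporarily locked.",
}


def error_param(url: str) -> str:
    """Return the (percent-decoded) 'error' query parameter of a request URL, or ''."""
    query = parse_qs(urlsplit(url).query)
    return query.get("error", [""])[0]


def render_vulnerable(url: str) -> str:
    """CWE-79 pattern: the parameter is copied verbatim into the HTML body."""
    return PAGE_TEMPLATE.format(msg=error_param(url))


def render_hardened(url: str) -> str:
    """Fix 1: HTML-encode the parameter before it reaches the page body.

    html.escape with quote=True also encodes ' and ", so the value stays inert
    even if a template later places it inside an attribute.
    """
    return PAGE_TEMPLATE.format(msg=html.escape(error_param(url), quote=True))


def render_allowlisted(url: str) -> str:
    """Fix 2 (preferred): treat the parameter as a code, never as text to echo."""
    return PAGE_TEMPLATE.format(
        msg=ERROR_MESSAGES.get(error_param(url), "Login failed.")
    )


def reflects_unencoded(render, marker: str = "<x>probe</x>") -> bool:
    """Regression check: does the renderer echo a markup marker back as raw HTML?

    A benign, non-executing marker is enough to detect the flaw; the check is
    meant for a test environment or a CI test against your own code.
    """
    url = "/login.jsp?error=" + quote(marker)
    return marker in render(url)


if __name__ == "__main__":
    for name, render in [
        ("vulnerable", render_vulnerable),
        ("hardened", render_hardened),
        ("allowlisted", render_allowlisted),
    ]:
        print(f"{name:12s} reflects raw markup: {reflects_unencoded(render)}")
```

Output encoding must match the context the value lands in (HTML body here); the allow-list variant sidesteps that question entirely and is the better default for an error indicator, since the page never needs to display user-supplied text.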





*References:*
http://www.tetraph.com/security/xss-vulnerability/webs-id-reflected-xss/
http://securityrelated.blogspot.com/2015/04/webs-id-reflected-xss-cross-site.html
http://www.inzeed.com/kaleidoscope/computer-web-security/webs-id-reflected-xss/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/webs-id-reflected-xss/
https://computerpitch.wordpress.com/2015/04/15/webs-id-reflected-xss/
http://www.irist.ir/author-Wang%20Jing.html
http://exploitarchive.com/webshop-hun-1-062s-cross-site-scripting/
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1821




--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing


© 2022 Packet Storm. All rights reserved.