logo
DATABASE RESOURCES PRICING ABOUT US

[Full-disclosure] Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)

Description

--Security Report-- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) --- Date: 08/01/06 07:19 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx@nukedx.com Web: http://www.nukedx.com } --- About: Via this method the WebWiz Forums <= 6.34 are being subjected to an attack namely XSS attack a.k.a "Cross Site Scripting".The attacker, with the help of user clicking to the exploited, is able to inject a code with the link. Example & How:http://[site]/[webwizdir]/search_form.asp?ReturnPage=Search&search=XSS&searchMode=allwords&searchIn=Topic&forum=0&searchSort=dateDESC&SearchPagePosition=1 Solution: This vulnerability has been fixed WebWiz products >= 7.01 Regards, From the NWPX team, nuker a.k.a nukedx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/