lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: 14 Nov 2003 08:21:18 -0000
From: <>
Subject: Re: Web Wiz Forums ver. 7.01

In-Reply-To: <>

HEX has submitted incorrect information on Web Wiz Forums (again!!!).

The values of the variables mentioned by HEX are filtered further on in the code. 

The file register_new_user.asp is not a file that exsits in Web Wiz Forums version 7.01 or above.

The only variable that was not filtered correctly was the Location field which is populated by a drop down box.

Form March 2003 the location variable was changed to filter the location field.

This does not effect versions of Web Wiz Forums from 7.5 and above.

>Informations :
>Language : ASP
>Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
>Website :
>Problems : Permanent XSS
>Objects :
>- register_new_user.asp
>- register.asp
>The values variable are not filtered:
>strLocation = Request.Form("location")
>strMessage = Request.Form("signature")
>strPassword = Request.Form("password")

Powered by blists - more mailing lists