| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jan 2006 04:09:14 -0600
From: nukedx@...edx.com
To: bugtraq@...urityfocus.com
Subject: Advisory:XSS vulnerability on WebWiz Forums <= 6.34
(search_form.asp)
--Security Report--
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
---
Date: 08/01/06 07:19 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx_at_nukedx.com
Web: http://www.nukedx.com
}
---
About: Via this method the WebWiz Forums <= 6.34 are being subjected to an
attack namely XSS attack a.k.a "Cross Site Scripting".The attacker, with the
help of user clicking to the exploited, is able to inject a code with
the link.
Example &
How:http://[site]/[webwizdir]/search_form.asp?ReturnPage=Search&search=XSS&searchMode=allwords&searchIn=Topic&forum=0&searchSort=dateDESC&SearchPagePosition=1
Solution: This vulnerability has been fixed WebWiz products >= 7.01
Regards,
From the NWPX team,
nuker a.k.a nukedx
Powered by blists - more mailing lists