lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060109213942.ayea5f4rstoo00ww@webmail.nukedx.com>
Date: Mon Jan  9 23:51:40 2006
From: nukedx at nukedx.com (nukedx@...edx.com)
Subject: Advisory:XSS vulnerability on WebWiz Forums <=
	6.34 (search_form.asp)

--Security Report--
Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
---
Date: 08/01/06 07:19 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@...edx.com
Web: http://www.nukedx.com
}

---
About: Via this method the WebWiz Forums <= 6.34 are being subjected to an
attack namely XSS attack a.k.a "Cross Site Scripting".The attacker, with the
help of user clicking to the exploited, is able to inject a code with 
the link.

Example &
How:http://[site]/[webwizdir]/search_form.asp?ReturnPage=Search&search=XSS&searchMode=allwords&searchIn=Topic&forum=0&searchSort=dateDESC&SearchPagePosition=1

Solution: This vulnerability has been fixed WebWiz products >= 7.01

Regards,
 From the NWPX team,
nuker a.k.a nukedx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ