Computer Security
[EN] securityvulns.ru



From: Peko Takov <fak3_(at)_abv.bg>
Date: 04.09.2006
Subject: XSS in Web Wiz Forums

=info=
Little filter evasion of Web Wiz Forums filters.
The vuln lies in the avatar from url.
=exploit=
You have to post
"><img src="java        scri    pt:ale  rt('xss')">
after the url.
=handicap=
It is not that serious because the field takes only 95 chars and it works only for IE and Opera. Firefox survived it.
=======
by fak3
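
Added example, not part of the original post and not Web Wiz Forums code: a server-side check for an avatar URL field that uses an allowlist (character set, http/https scheme, length) plus attribute encoding on output, shown next to a substring blocklist that the string from the post passes. The function names, the blocklist stand-in, example.com and the default avatar path are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

MAX_LEN = 95                       # field length stated in the post
ALLOWED_SCHEMES = {"http", "https"}
# Whitespace, control characters, quotes, '<' and '>' are all outside this set.
SAFE_URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#@!$&()*+,;=%]+")


def naive_blocklist_ok(value):
    """Hypothetical weak filter: only looks for the literal 'javascript:'."""
    return "javascript:" not in value.lower()


def validate_avatar_url(value):
    """Return the URL if it is an acceptable avatar source, else None."""
    if not value or len(value) > MAX_LEN:
        return None
    if not SAFE_URL_CHARS.fullmatch(value):
        return None                # rejects the quote/bracket breakout and split scheme
    parts = urlsplit(value)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return value


def render_avatar(value):
    """Build the <img> tag: validate first, then attribute-encode the URL."""
    url = validate_avatar_url(value)
    if url is None:
        # Placeholder path for a site-supplied default image (assumption).
        return '<img src="/images/default_avatar.gif" alt="avatar">'
    return '<img src="%s" alt="avatar">' % html.escape(url, quote=True)


# Constructed sample: a made-up avatar URL followed by the string from the post,
# with the whitespace reproduced as it appears on this page.
SAMPLE = 'http://example.com/a.gif"><img src="java        scri    pt:ale  rt(\'xss\')">'

if __name__ == "__main__":
    print("blocklist accepts sample:", naive_blocklist_ok(SAMPLE))
    print("allowlist result:", validate_avatar_url(SAMPLE))
    print(render_avatar(SAMPLE))
    print(render_avatar("http://example.com/a.gif?x=1&y=2"))
```

The allowlist does not depend on recognising any particular scheme spelling, so whitespace inserted into the scheme name makes no difference to the outcome.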

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod