Re: Web Wiz Forums ver. 7.01
bruce_at_webwizguide.info
Date: 11/14/03
- Previous message: Systems Administrator: "Re: Funny article"
- Maybe in reply to: HEX: "Web Wiz Forums ver. 7.01"
- Next in thread: Thor: "Re: Web Wiz Forums ver. 7.01"
- Reply: Thor: "Re: Web Wiz Forums ver. 7.01"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 14 Nov 2003 08:21:18 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <6520144396.20031113223723@hex.net.ru>
HEX has submitted incorrect information on Web Wiz Forums (again!!!).
The values of the variables mentioned by HEX are filtered further on in the code.
The file register_new_user.asp is not a file that exsits in Web Wiz Forums version 7.01 or above.
The only variable that was not filtered correctly was the Location field which is populated by a drop down box.
Form March 2003 the location variable was changed to filter the location field.
This does not effect versions of Web Wiz Forums from 7.5 and above.
>
>Informations :
>°°°°°°°°°°°°
>Language : ASP
>Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
>Website : http://www.webwizforums.com
>Problems : Permanent XSS
>
>
>Objects :
>°°°°°°°
>- register_new_user.asp
>- register.asp
>
>The values variable are not filtered:
>
>strLocation = Request.Form("location")
>strMessage = Request.Form("signature")
>strPassword = Request.Form("password")
- Previous message: Systems Administrator: "Re: Funny article"
- Maybe in reply to: HEX: "Web Wiz Forums ver. 7.01"
- Next in thread: Thor: "Re: Web Wiz Forums ver. 7.01"
- Reply: Thor: "Re: Web Wiz Forums ver. 7.01"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
