-######### [Saved] -
[27-07-2008/13:10:02]
.: Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02
.: [Author] CSDT
.: [Affected versions] http://www.webwizguide.com/ - Web Wiz Rich Text Editor (RTE) 4.02
.: [Credit] The disclosure of these issues has been credited to autehoker of CSDT
ч_____________________________________________________________________________________________€
.: [Script Description]
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in
Web Wiz Rich Text Editor (RTE) 4.02 and earlier, and 3.x versions, allow remote attackers
to inject arbitrary web scripting. This flaw exists because the application does not validate
the Link Type ( "Email" ) variables upon submission to the RTE_popup_link.asp script.
This could allow a user to create a specially crafted URL that would execute arbitrary code
in a user's browser within the trust relationship between the browser and the server,
leading to a loss of integrity.
ч_____________________________________________________________________________________________€
.: [Classification]
Attack Type: Input Manipulation
Impact: Loss of Integrity
Fix: N/A
Public release vulnz: {27-07-2008 Sun}
Class: Input Validation Error
ч_____________________________________________________________________________________________€
.: [Solution]
Upgrade to version 4.03 or higher, as it has been reported to fix this vulnerability.
An upgrade is required as there are no known workarounds.
Actual Version: Web Wiz Rich Text Editor (RTE) 4.02
ч_____________________________________________________________________________________________€
.: [References]
ч_____________________________________________________________________________________________€
.: [Manual Testing Notes]
ч
Web Wiz Rich Text Editor version 4.02 // RTE_popup_link.asp
function initialise(){
    var selectedRange = window.opener.document.getElementById('WebWizRTE').contentWindow.window.getSelection().toString();
    //Use editor selected range to fill text boxes
    //(the selection text is copied into both fields as-is)
    if (selectedRange != undefined){
        document.getElementById('URL').value = selectedRange;
        document.getElementById('email').value = selectedRange;
    }
}
ч
Select Link Type: Email - {Email value not filtered}
¤ span id="mailLink"
¤ input name="email" onfocus="document.forms.frmLinkInsrt.Submit.disabled=false;
//Line 65 post back
If Request.Form("URL") <> "" OR Request.Form("email") <> "" AND Request.Form("postBack") Then
ч
ч_____________________________________________________________________________________________€
.: [XSS] U-Code %3C/textarea%3E'%22%3E%3Cscript%3Ealert('document.cookie')%3C/script%3E
.: [XSS] N-Code </textarea>'"><script>alert(document.cookie)</script> {XSSing.Com - XSS CHEATS Auth. Depo2}
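
One way to handle the Email link-type value that the notes above mark as unfiltered: validate it before it is used in a link, and encode it every time it is written back into HTML. This is an added example, not Web Wiz code and not the 4.03 fix; the function names, the markup they emit and the address pattern are assumptions made for illustration.

```javascript
// Added example (not Web Wiz code): safe handling of the "Email" link-type value.
// All names below are hypothetical.

// Encode every character that can end a text node, a tag or a quoted attribute.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Conservative allow-list for an address that will be placed in a mailto: link.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isPlausibleEmail(value) {
  return typeof value === 'string' && value.length <= 254 && EMAIL_RE.test(value);
}

// Re-populating the email text box after post back: the value is always encoded,
// whether or not it validated, because it is echoed into an attribute.
function renderEmailInput(submitted) {
  return '<input name="email" id="email" value="' + htmlEncode(submitted) + '">';
}

// Building the anchor that goes into the editor: refuse anything that is not
// a plausible address instead of trying to clean it up.
function buildMailtoAnchor(submitted, text) {
  if (!isPlausibleEmail(submitted)) return null;
  return '<a href="mailto:' + htmlEncode(submitted) + '">' + htmlEncode(text) + '</a>';
}

// Constructed input: the N-Code test string from this advisory.
const sample = '</textarea>\'"><script>alert(document.cookie)</script>';

console.log(renderEmailInput(sample));                          // markup stays inert
console.log(buildMailtoAnchor(sample, 'mail me'));              // rejected
console.log(buildMailtoAnchor('user@example.com', 'mail me'));  // accepted
```

Validation alone is not enough for the echo path, which is why `renderEmailInput` encodes unconditionally: a rejected value is still displayed back to the user.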
ч_____________________________________________________________________________________________€
.: [Greetings]
ч
.:[shoutz] L0cKed, Elrohir, xo7, Th3.Azad, Depo2, The_keSsk!N, MadNet, hayalperest, K4R4B3L4
ч ankuN, row3r, LekHe, M3M4T!, Dr.ExPERT, MuR@T, Bigboss, EjDeRx7, Arslan Yabgu, türk_üz, by.s.s,
makmanaman, İsimsizCod3r, hackerali, De-PreaM, DarKWorM, Brian, |GeCCe|,
BİXİi , EkBeR-I DeRYa
ч
.: [SS] CSDT- Atabeyler TIM - Atabeyler.Org
-########_______________________________________________________________________________________ ####