WebEditor versions 1.0.4 and below suffer from cross site scripting and remote file inclusion vulnerabilities.
12b5ccecd9adbb1e200376471fad4094cae325cf97be876762d0178b4d40119dHi People of PacketStormSecurity !
I want to report a XSS & RFI Vulnerability in WedEditor.
+========================================================================+
+ WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities +
+========================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: Namo WebEditor
Web: http://www.namo.com/products/webeditor.php
Versions: 1.0.4 (or less).
Date: 21/01/2008
GOOGLE DORKS:
------------
[+] inurl:"webeditor.php" intext:"login"
EXPLOIT:
--------
For example...after the variable "id"
http://www.[DOMAIN].tld/webeditor.php?id=[XSS or RFI]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+========================================================================+
+ WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities +
+========================================================================+
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed