Bugtraq: Re: Web Wiz Forums ver. 7.01

Re: Web Wiz Forums ver. 7.01

From: <bruce_at_webwizguide.info>
Date: 14 Nov 2003 08:21:18 -0000
In-Reply-To: <6520144396.20031113223723_at_hex.net.ru>

HEX has submitted incorrect information on Web Wiz Forums (again!!!).

The values of the variables mentioned by HEX are filtered further on in the code.

The file register_new_user.asp is not a file that exists in Web Wiz Forums version 7.01 or above.

The only variable that was not filtered correctly was the Location field which is populated by a drop down box.

From March 2003 the location variable was changed to filter the location field.

This does not affect versions of Web Wiz Forums from 7.5 and above.


>
>Informations :
>°°°°°°°°°°°°
>Language : ASP
>Bugged Version : Web Wiz Forums ver. 7.01 (and less ?)
>Website : http://www.webwizforums.com
>Problems : Permanent XSS
>
>
>Objects :
>°°°°°°°
>- register_new_user.asp
>- register.asp
>
>The values variable are not filtered:
>
>strLocation = Request.Form("location")
>strMessage = Request.Form("signature")
>strPassword = Request.Form("password")
Received on Nov 14 2003
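
The point about the drop-down-populated Location field, as an added example that is not part of the original post and is not Web Wiz Forums code: a drop-down only constrains the browser, so the server checks the submitted value against an allow-list and HTML-encodes stored values on output. The option list, the 255-character cap and the `ValidLocation` helper are assumptions made for illustration.

```asp
<%
Option Explicit
' Added example; not code from Web Wiz Forums. Names are hypothetical.

' Constructed allow-list: the same options the drop-down would offer.
Dim allowedLocations
allowedLocations = Array("", "United Kingdom", "United States", "Russia")

' Return the submitted value only if it exactly matches one of the
' drop-down options; anything else is replaced by an empty string.
' The <select> element limits what a browser sends, not what an
' HTTP request can contain, so the server repeats the check.
Function ValidLocation(strInput)
    Dim i
    ValidLocation = ""
    For i = LBound(allowedLocations) To UBound(allowedLocations)
        If StrComp(strInput, allowedLocations(i), vbBinaryCompare) = 0 Then
            ValidLocation = allowedLocations(i)
            Exit Function
        End If
    Next
End Function

Dim strLocation, strMessage
strLocation = ValidLocation(Trim(Request.Form("location")))

' Free-text field: no allow-list is possible, so cap the length on
' input (assumed limit) and rely on encoding at output time.
strMessage = Left(Request.Form("signature"), 255)

' ... the values would be stored here ...

' Wherever the stored values are displayed, encode them for HTML so
' that markup in a stored value is rendered as text, not interpreted.
Response.Write "<td>" & Server.HTMLEncode(strLocation) & "</td>"
Response.Write "<td>" & Server.HTMLEncode(strMessage) & "</td>"
%>
```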
