header-logo
Suggest Exploit
vendor:
aBitWhizzy
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting, Directory-Traversal
79, 22
CWE
Product Name: aBitWhizzy
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

aBitWhizzy Multiple Cross-Site Scripting and Directory-Traversal Vulnerabilities

aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Update to the latest version of aBitWhizzy which addresses these vulnerabilities. Avoid supplying untrusted input to the affected application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23167/info

aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://localhost/abitwhizzy/whizzypic.php?d= ../../../../../../../Documents%20and%20Settings