BugTraq
PHP Booking Calendar 10e XSS Dec 18 2011 08:15PM
tom (tom g13net com) (1 replies)
# Exploit Title: PHP Booking Calendar 10e XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/bookingcalendar/
# Version: 10e
# Category: webapps (php)
#

##### Vulnerability #####

The page_info_message varibale in the details_view.php does not
sanitize input. This is a relective XSS attack.

##### Exploit #####

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=mo
nth&loc=loc1&page_info_message=[XSS]

[ reply ]
Re: PHP Booking Calendar 10e XSS Jan 03 2012 06:40PM
Henri Salo (henri nerv fi)


 

Privacy Statement
Copyright 2010, SecurityFocus