Tuesday, December 14, 2010

CalendarScript is Vulnerable to Cross Site Scripting

# Exploit Title: CalendarScript is Vulnerable to Cross Site Scripting
# Date: 15 December 2010
# Author: p0pc0rn
# Software Link: http://www.calendarscript.com/



XSS
====
http://www.calendarscript.com/demo/calendar_admin.pl
POST : [XSS]
http://www.calendarscript.com/demo/calendar.pl
POST : [XSS]

XSS 2 (for old version, I think)
=====
http://site.com/cgi-bin/calendar/calendar.pl?ACTION=VIEWDAY&Year=[XSS]&Month=12&Date=[XSS]&config=calendar.cfg

Screenshot:



http://img580.imageshack.us/img580/9347/calendarss.png
http://img815.imageshack.us/img815/9159/calendar2z.png

Thanks

p0pc0rn
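
A defensive check for the GET case above, as an added example that is not part of the original advisory or of CalendarScript's code: it flags calendar.pl requests whose Year, Month or Date values are not in-range integers, which is how an injected value in those parameters shows up in access logs or at a filtering proxy. It assumes the three parameters are plain decimal numbers in legitimate traffic; the function name and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Year, Month and Date are plain decimal numbers in legitimate
# requests (the advisory's sample URL uses Month=12).
NUMERIC_PARAMS = {"Year": (1, 9999), "Month": (1, 12), "Date": (1, 31)}
DIGITS = re.compile(r"[0-9]{1,4}")  # ASCII digits only, bounded length


def suspicious_params(url):
    """Return names of date parameters in a calendar.pl request whose
    values are not in-range integers; empty list if the request is clean."""
    parts = urlsplit(url)
    if not parts.path.endswith("/calendar.pl"):
        return []
    # parse_qs percent-decodes values; keep_blank_values so "Year=" is checked
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = []
    for name, (low, high) in NUMERIC_PARAMS.items():
        for value in query.get(name, []):  # check every repeat of a parameter
            if not DIGITS.fullmatch(value) or not low <= int(value) <= high:
                bad.append(name)
                break
    return bad


# Constructed sample requests (site.com is the advisory's placeholder host).
BASE = "http://site.com/cgi-bin/calendar/calendar.pl?ACTION=VIEWDAY"
SAMPLES = [
    BASE + "&Year=2010&Month=12&Date=14&config=calendar.cfg",
    BASE + "&Year=2010%3Cb%3E&Month=12&Date=14&config=calendar.cfg",
    BASE + "&Year=2010&Month=12&Date=14&Date=%22x&config=calendar.cfg",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(suspicious_params(url) or "ok", url)
```

The same allow-list rule (digits only, bounded range) applied inside the script before the values are echoed into the page, together with HTML-encoding on output, closes the reflection rather than only detecting it.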