[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201008312013.o7VKDWjU026670@www3.securityfocus.com>
Date: Tue, 31 Aug 2010 14:13:32 -0600
From: edgard.chammas@...amand.edu.lb
To: bugtraq@...urityfocus.com
Subject: ApPHP Calendar XSS - CSRF
##############################################################
# Vendor: ApPHP
# Affected versions: All
# Script: ApPHP Calendar
# URL: http://www.apphp.com/php-calendar/index.php
# Vulnerability type: XSS - CSRF
# Risk rating: Medium
##############################################################
# [Exploit]
# Attack: XSS - CSRF in calendar.php via POST
# Vulnerable file: calendar.class.php
# Vulnerable parameters:
# - category_name
# - category_description
# - event_name
# - event_description
###############################################################
# [Solution]
# Need to sanitize the vulnerable parameters
###############################################################
# [Credits]
# Edgard Chammas [454447415244]
# edgard.chammas@...amand.edu.lb
###############################################################
Powered by blists - more mailing lists