Bug: Helios Calendar <=1.2.1 Beta (XSS) (WLB-2007110011 Ascii Version)


 Topic: Helios Calendar <=1.2.1 Beta (XSS)
 Credit: Ivan Sanchez & Maximiliano Soler
 Date: 2007.11.04
 CWE: CWE-79
 CVE: CVE-2007-5952


 Risk: Low
 Local: No
 Remote: Yes

+==============================================================================+
+ Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities +
+==============================================================================+


Author(s): Ivan Sanchez & Maximiliano Soler.

Product: Helios Calendar.

Vendor: Refresh Web Development, LLC.

Description: Helios Calendar is a professional event management and publishing
platform. More than just a simple web calendar, Helios Calendar offers many
powerful tools to help you organize and promote your events online.

Web: http://www.helioscalendar.com/

Versions: 1.2.1 Beta (or less)

Date: 02/11/2007




GOOGLE DORKS:
------------
[x] intext:"Helios Calendar" + intext:"Refresh Web Development"
[x] intitle:"Helios Calendar"


EXPLOIT:
--------

For example, in the value of the "username" parameter:

http://www.[DOMAIN].tld/calendar/admin/index.php?msg=1&username=[XSS]




NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!


--
Maximiliano Soler.
Reports & Review Code.

Null Code Services.
www.nullcode.com.ar
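
A detection sketch for the request shape shown in the EXPLOIT section, added here as an example and not part of the original advisory or of Helios Calendar: it flags access-log requests to admin/index.php whose "username" parameter decodes to HTML markup. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters needed to open a tag or break out of an HTML attribute; a
# legitimate login name has no reason to contain them (assumption).
MARKUP = re.compile(r"[<>\"'`]")
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding (double encoding)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_username(log_line):
    """Return the decoded username value if the request carries markup."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/admin/index.php"):
        return None
    # parse_qsl removes one encoding layer; decode_fully removes the rest.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "username" and MARKUP.search(decode_fully(value)):
            return decode_fully(value)
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    flagged = ((n, suspicious_username(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in flagged if value is not None]

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Nov/2007:10:01:02 +0000] "GET /calendar/admin/index.php?msg=1&username=alice HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Nov/2007:10:02:10 +0000] "GET /calendar/admin/index.php?msg=1&username=%3Cb%3Econstructed%3C%2Fb%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [04/Nov/2007:10:02:31 +0000] "GET /calendar/admin/index.php?msg=1&username=%253Ci%253Edouble%253C%252Fi%253E HTTP/1.1" 200 5170',
    '203.0.113.7 - - [04/Nov/2007:10:03:00 +0000] "GET /calendar/index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: username={value!r}")
```

Only query-string parameters appear in access logs, so a "username" sent in a POST body would need request-body logging or a WAF rule to be seen.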
