PHP Calendar Script Remote XSS (Permanent) Vulnerabilities

2008-09-30 / 2008-10-01
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

============================================================== PHP Calendar Script Remote XSS (Permanent) Vulnerabilities ============================================================== AUTHOR : CWH Underground DATE : 28 September 2008 SITE : cwh.citec.us ##################################################### APPLICATION : PHP Calendar Script VERSION : 6.3.25 VENDOR : www.easyphpcalendar.com DOWNLOAD : http://www.easyphpcalendar.com/freeDownload.php ##################################################### --- Permanent Cross Site Scripting --- ----------------- Vulnerable Page ----------------- [+]http://[Target]/[path]/events/index.php?PHPSESSID=[md5number]&add=1 Ex: [+]http://[Target]/[path]/events/index.php?PHPSESSID=e99299396b831fe9226b7d5de21edaff&add=1 This page is used to Add New Event and there is a feild "Details:" which is prepared for inserting detail of the event. We can inject javascript into this feild as result in "Stored XSS". ----------------- Example code ----------------- Details: <textarea rows="10" style="width: 99%;" id="descr" name="descr"/> Note : - [md5number] is the session id which will generate automatically after we login - In order to be the user, must be added by Master Administrator ##################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos Special Thx : asylu3, str0ke, citec.us, milw0rm.com #####################################################################

References:

http://xforce.iss.net/xforce/xfdb/45517
http://www.securityfocus.com/bid/31478
http://www.securityfocus.com/archive/1/496796


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top