============================================================== PHP Calendar Script Remote XSS (Permanent) Vulnerabilities ============================================================== AUTHOR : CWH Underground DATE : 28 September 2008 SITE : cwh.citec.us ##################################################### APPLICATION : PHP Calendar Script VERSION : 6.3.25 VENDOR : www.easyphpcalendar.com DOWNLOAD : http://www.easyphpcalendar.com/freeDownload.php ##################################################### --- Permanent Cross Site Scripting --- ----------------- Vulnerable Page ----------------- [+]http://[Target]/[path]/events/index.php?PHPSESSID=[md5number]&add=1 Ex: [+]http://[Target]/[path]/events/index.php?PHPSESSID=e99299396b831fe9226b7d5de21edaff&add=1 This page is used to Add New Event and there is a feild "Details:" which is prepared for inserting detail of the event. We can inject javascript into this feild as result in "Stored XSS". ----------------- Example code ----------------- Details: <textarea rows="10" style="width: 99%;" id="descr" name="descr"/> Note : - [md5number] is the session id which will generate automatically after we login - In order to be the user, must be added by Master Administrator ##################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos Special Thx : asylu3, str0ke, citec.us, milw0rm.com #####################################################################