EV0063.txt

2006-02-17T00:00:00
ID PACKETSTORM:43944
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-02-17T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
PHP Event Calendar XSS & User's Data Corruption Vulnerabilities  
http://evuln.com/vulns/63/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0063  
CVE: CVE-2006-0657  
Vendor: Softcomplex  
Vendor's Web Site: http://www.softcomplex.com/  
Software: PHP Event Calendar  
Sowtware's Web Site: http://www.softcomplex.com/products/php_event_calendar/  
Versions: 1.5  
Critical Level: Harmless  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Registered user has an ability to change his Username and Password.  
Username and Password isn't sanitized before being written to users.php file. This can be used to make XSS attack or corrupt users data.  
  
  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/63/exploit.html  
  
1. Cross-Site Scripting Example.  
  
Changing password.  
Username: <XSS>  
Password: userpassword  
  
  
2. Password file corruption.  
  
Changing password.  
Username: any  
Password: ? ><?  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com  
`