Horde & Kronolith Calendar Application XSS Vulnerabilities, Ivan Sanchez, Kronolith: Copyright 2000-200
`+==========================================================================+
+ Horde & Kronolith Calendar Application & XSS Vulnerabilities +
+==========================================================================+
Author(s): Ivan Sanchez
Product: Kronolith Calendar Application
Web: http://www.horde.org/kronolith/
Versions: Kronolith: Copyright 2000-2003
Date: 23/05/2008
Kronolith is the Horde calendar application.
GOOGLE DORKS:
------------
intext:"Kronolith: Copyright 2000-2003"
Evil Functions:
---------------
week.php?
workweek.php?
day.php?
horde=
Internal Variables:
-------------------
timestamp=xss
horde=xss
Exploits:
----------
Insert evil code into these variables, then run the exploit!!!
http://site/horde2/kronolith/week.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde2/kronolith/workweek.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde/kronolith/day.php?timestamp=< XSS EVIL REMOTE CODE >
https://site/horde/kronolith/horde= < XSS EVIL REMOTE CODE >
Coming soon: more XSS!!!
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ Horde & Kronolith Calendar Application & XSS Vulnerabilities +
+==========================================================================+`
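For defenders, an added example (not part of the original advisory): a Python log check that flags requests to the three calendar scripts listed above whose timestamp value is not a plain number. It assumes Common Log Format access logs and that a legitimate timestamp is a digits-only Unix time; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names and parameter taken from the advisory.
CALENDAR_SCRIPTS = ("/week.php", "/workweek.php", "/day.php")
# Assumption: a legitimate timestamp is a digits-only Unix time.
NUMERIC = re.compile(r"\d{1,10}")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2008:10:00:01 +0000] '
    '"GET /horde/kronolith/day.php?timestamp=1211536800 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/May/2008:10:00:09 +0000] '
    '"GET /horde2/kronolith/week.php?timestamp=%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 5233',
    '192.0.2.10 - - [23/May/2008:10:00:15 +0000] '
    '"GET /static/other.php?timestamp=abc HTTP/1.1" 200 4800',
]


def suspicious_timestamp(target):
    """Return the decoded non-numeric timestamp value, or None."""
    parts = urlsplit(target)
    if not parts.path.endswith(CALENDAR_SCRIPTS):
        return None  # not one of the scripts named in the advisory
    for value in parse_qs(parts.query).get("timestamp", []):
        if not NUMERIC.fullmatch(value):
            return value
    return None


def scan(log_lines):
    """Return (client, path, value) for every flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match is None:
            continue  # line has no parsable request field
        value = suspicious_timestamp(match.group(1))
        if value is not None:
            hits.append((line.split()[0], urlsplit(match.group(1)).path, value))
    return hits


if __name__ == "__main__":
    for client, path, value in scan(SAMPLE_LOG):
        print(f"{client} {path} timestamp={value!r}")
```

The same digits-only rule, applied server-side before the value is echoed into the page, is the corresponding input check; the `horde=` variable is not covered here because the advisory does not show a complete URL for it.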