|
|
 |
| New User, Welcome! Login |
ApPHP Calendar XSS - CSRF
| From: |
edgard chammas balamand edu lb |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
ApPHP Calendar XSS - CSRF |
| Date: |
Tue - Aug 31, 2010 01:32 PM |
##############################################################
# Vendor: ApPHP
# Affected versions: All
# Script: ApPHP Calendar
# URL: http://www.apphp.com/php-calendar/index.php
# Vulnerability type: XSS - CSRF
# Risk rating: Medium
##############################################################
# [Exploit]
# Attack: XSS - CSRF in calendar.php via POST
# Vulnerable file: calendar.class.php
# Vulnerable parameters:
# - category_name
# - category_description
# - event_name
# - event_description
###############################################################
# [Solution]
# Need to sanitize the vulnerable parameters
###############################################################
# [Credits]
# Edgard Chammas [454447415244]
# edgard.chammas@balamand.edu.lb
###############################################################
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
