[PHPiCalendar-DEV] Fwd: PHP iCalendar Cross Site Scripting

[Nicolas C. <ni...@co...>]

It seems that something goes wrong in the RSS feed.

I've not yet followed the links mentionned, but this advisory had been
published on the bugtraq list, so it should have been validated.


Danon'.
---------- Forwarded message ----------
From: bo...@li... <bo...@li...>
Date: 28 Jun 2006 18:14:42 -0000
Subject: PHP iCalendar Cross Site Scripting
To: bu...@se...

>> K.S Advisory

>> irc.gigachat.net #kurdhack

>> Thanx : Netqurd,Azad,B3g0k,Fearless,Milex,Flot,Zay_Boy,PH,KHA,KCA and
other my friends

>> Version : All Version


Proof Of Concept :

http://www.site.com/phpicalendar/rss/index.php?cal=[XSS]

Original Advisory :

http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-12-php-icalendar.html

EoF


-- 
I'm a poor and lonesome Yaourt... (Air connu)