XSS and User Data Corruption in PHP Event Calendar

Summary

Vulnerability
XSS and User Data Corruption in PHP Event Calendar
Discovered
2006.02.06
Last Update
2006.02.16 Exploitation code published
ID
EV0063
CVE
CVE-2006-0657
Risk Level
low
Type
Cross Site Scripting
Status
Unpatched. No reply from developer(s)
Vendor
Softcomplex (http://www.softcomplex.com/)
Vulnerable Software
PHP Event Calendar (http://www.softcomplex.com/products/php_event_calendar/)
Version
1.5
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in PHP Event Calendar (http://www.softcomplex.com/products/php_event_calendar/) script.

Registered user has an ability to change his Username and Password.
Username and Password isn't sanitized before being written to users.php file. This can be used to make XSS attack or corrupt users data.

PoC/Exploit

1. Cross-Site Scripting Example.

Changing password.
Username: <XSS>
Password: userpassword


2. Password file corruption.

Changing password.
Username: any
Password: ?><?



Solution.

Solution for "XSS and User Data Corruption in PHP Event Calendar" is not available. Check Softcomplex website for updates.