# Exploit Title: Jamroom Cross Site Scripting
# Date: 19.02.2012
# Author: Sony
# Software Link: http://www.jamroom.net
# Google Dorks: Powered by Jamroom
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html
..................................................................

Demo1:

http://demo.jamroom.net/login.php
http://www.jamroom.net/pages/jamroom-demo-systems

Version 4.2.6

We have persistent xss in the Jamroom.

Status Update-->put our code and save this.

Refresh page and..enjoy!

http://3.bp.blogspot.com/-skYTR8jOaDw/T0AZNB1AzvI/AAAAAAAAAiM/NqzMjq5q6Ko/s1600/status1.JPG

http://2.bp.blogspot.com/-CEeE008RiYE/T0AZQNdzCCI/AAAAAAAAAiY/f7sMtsuy9l4/s1600/status2.JPG

Demo2:

Version 4.2.4

http://beatbattle.com/

http://3.bp.blogspot.com/--d-84OccpGo/T0AaTzCd1NI/AAAAAAAAAik/ogyze1yjAEk/s1600/beatbattle.JPG