#########################################################
Multiple variable XSS in Spymac Web Os v4.0
vendor url: http://www.spymac.com/
Advisory: http://lostmon.blogspot.com/2005/09/multiple-variable-xss-in-spymac-web-os.html
Vendor notified : yes
exploit available : yes
#########################################################

Spymac Web Os contains a flaw that allows a remote cross-site
scripting attack. The flaw exists because the application does not
validate some variables upon submission to some scripts. This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.

################
version affected
################

Spymac Web Os 3.0 beta 190

#########
Solution
#########

No solution was available at this time.

##########
timeline
##########

Discovered : 17 sep 2005
Vendor notify: 17 sep 2005
Vendor response:
Disclosure : 17 sep 2005
Public disclosure: 17 sep 2005

############
Examples
############

http://[victim]/forums/showthread.php?threadid=195681[XSS-CODE]

http://[victim]/forums/showthread.php?threadid=195805&postid=3579278[XSS-CODE]#post_3579278

http://[victim]/forums/showthread.php?threadid=195605&curr=0[XSS-CODE]

########################### €nd #################################

Thanks to estrella for being my light.
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what moves the mind....
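
Added example (not part of the original advisory and not Spymac's code): a log check for the pattern shown in the example URLs, flagging showthread.php requests whose threadid, postid or curr value is not purely numeric. Treating those three parameters as integer-only is an assumption based on the values in the advisory's URLs; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory's example URLs; treating them as
# integer-only is an assumption based on the values shown there.
NUMERIC_PARAMS = ("threadid", "postid", "curr")
SCRIPT_PATH = "/forums/showthread.php"
DIGITS = re.compile(r"[0-9]{1,10}")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def bad_params(url):
    """Return names of the numeric parameters whose value is not all digits."""
    parts = urlsplit(url)
    if not parts.path.endswith(SCRIPT_PATH):
        return []
    found = []
    # parse_qsl percent-decodes values, so encoded markup is checked in clear form
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not DIGITS.fullmatch(value):
            found.append(name)
    return found

def scan(log_lines):
    """Yield (client, url, offending parameter names) for suspicious requests."""
    for line in log_lines:
        m = REQUEST.match(line)
        if m:
            names = bad_params(m.group(2))
            if names:
                yield m.group(1), m.group(2), names

# Constructed sample lines in common log format (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Sep/2005:10:00:01 +0000] "GET /forums/showthread.php?threadid=195681 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Sep/2005:10:00:07 +0000] "GET /forums/showthread.php?threadid=195681%22%3E%3Ci%3E HTTP/1.1" 200 5177',
    '192.0.2.44 - - [17/Sep/2005:10:00:09 +0000] "GET /forums/showthread.php?threadid=195605&curr=0%3Ci%3E HTTP/1.1" 200 5190',
    '192.0.2.10 - - [17/Sep/2005:10:00:12 +0000] "GET /forums/showthread.php?threadid=195805&postid=3579278 HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for client, url, names in scan(SAMPLE_LOG):
        print(client, names, url)
```

The same digits-only test can be applied server-side to reject such requests before the value reaches the page; output encoding of any reflected value is still needed.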