Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url:http://www.mykazaam.com Version:1 Published: 2010-07-11 Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com Shoutzz:- To all ICW members. ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Description: Use as an order tracking system with Message confirmed, as a progress chart or an online diary. Operates with file numbers to separate entries ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~ Vulnerability: Enter the attack parameter on the "Enter Refernce Number Below" Text box *SQLi Vulnerability DEMO URL : http://server/path/notes.php[sqli] *XSS Vulnerability DEMO URL: http://server/path/notes.php[xss] *HTML Vulnerability DEMO URL: http://server/path/notes.php[html] # 0day n0 m0re # # L0rd CrusAd3r # -- With R3gards, L0rd CrusAd3r