echalk vuln

[kevin anonymous <undergroundwars () gmail com>]

echalk is a service that makes advanced websites for schools. alot of them have online classes student email systems 
and homework checks. my school uses echalk and i found this vuln on their site. in echalk's search form it blocks out 
most html and javascript but if you use &lt;script&gt;<img src=javascript:somejavacommand />&lt;/script&gt;
it actually  shows an image icon that contains javascript. this vuln can be used to submit any javascript command you 
want to the site.this can be fixed by not allowing any < characters in the search forum.

-hypnosses