Bugtraq mailing list archives
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
From: roozbeh_afrasiabi () yahoo com
Date: 28 Jan 2006 07:30:48 -0000
PoC : -------------------- 1) This flaw exists because the application does not validate the "nickname" variable upon submission to the post.php script via the POST method. h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!-- --------------------
Current thread:
- [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting roozbeh_afrasiabi (Jan 28)