info
discussion
exploit
solution
references
RunCMS Bigshow.PHP Cross-Site Scripting Vulnerability
An exploit is not required.
The following proof-of-concept URI was provided:
http://www.example.com/[target]/modules/downloads/bigshow.php?id=[url of an image]'>[code]
Privacy Statement
Copyright 2010, SecurityFocus
