check this out
but don't log in
watch for l in point.
Code: http://forums.digitalpolnt.com/
Normally it's a better practice to inform the site owner about a possible bug on their website and ONLY release it to the public 'after' the owners have fixed it. You can also file CERT advisories so that other webmasters using the software can get security patches.
What you did in this case was probably not the right way to expose the vulnerability. I am happy to know that you were curious enough to try the XSS vulnerability but making it public was not the best step.
Cool tips. But I don't want to try it
I got a laugh out of it. If someone did that to my forum and it wasn't anything bad like p0rn, I would have used it to improve the security and not have banned the poster/hacker.
To think that if you were to get ticked off now, you could make it worse on them, if you were a corrupt hacker.
Funny. I'm surprised that vulnerability exists, even in a version that's a year and a half old.