check this out
but don't log in
watch for l in point.
Code: http://forums.digitalpolnt.com/
Normally it's a better practice to inform the site owner about a possible bug on their website and ONLY release it to the public 'after' the owners have fixed it. You can also file CERT advisories so that other webmasters using the software can get security patches.
What you did in this case was probably not the right way to expose the vulnerability. I am happy to know that you were curious enough to try the XSS vulnerability but making it public was not the best step.
Cool tips. But I don't want to try it
I got a laugh out of it. If someone did that to my forum and it wasn't anything bad like p0rn, I would have used it to improve the security and not have banned the poster/hacker.
To think that if you were to get ticked off now, you could make it worse on them, if you were a corrupt hacker.
Funny. I'm surprised that vulnerability exists, even in a version that's a year and a half old.
That place is like a hen house with no roosters. The mod chat has to be pure comedy with everyone trying to figure these things out.
I am also a writer for Serpholic Media. You can find some of my articles here: Serpholic Media Blog