PHP-FUSION 5.* XSS VULNERABILITY
I found an exploit in the current version of php-fusion which allows you to
input XSS in the [IMG] tag. I reported it already to php-fusion and they
created a fix for this. Here it goes:
By converting the text (ie. javascript:alert('test')) to their ascii values,
the strings between the [img][/img] tags aren't checked by the filter. And this
way, you can send it and it will be executed.
You can do other things like display cookies, steal cookies, redirections etc.
EXAMPLE:
[IMG]javascript:document.location='http://www.albinoblacksheep.com/flash/you.html'[/IMG]
would be replaced by
[IMG]javascript:document.location='http://www.albinoblacksheep.com/flash/you.html'[/IMG]
FIX:
Filter out characters like '&' and '#'.