sh3ll@xxxxxxxx schrieb am Thu, 10 Aug 2006 20:38:38 +0000: >PoC: > >~~~ > >http://www.target.com/[miniBloggie]/cls_fast_template.php?fname=[Evil Script] Now you have your evil script included in a function. But how would you call the function, to execute your script? Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>