########################################################
| Title  : Saints Row (saintsrow.com) Persistent XSS
| Author : Codeine
| Email  : f3codeine[at]yahoo[dot]com
| Date   : 11/07/2011
| Cat    : PHP[XSS]
| URL    : http://www.saintsrow.com/
########################################################

Saintsrow.com suffers from a persistent XSS vulnerability within the profile system.
The vulnerability persists in all profile fields except first & last name.
No filter evasion needed.

1.) Sign up at www.saintsrow.com
2.) Click "MY STEELPORT"
3.) Enter XSS string into field(s). Ex:

This is a persistent vulnerability.

POC: http://www.saintsrow.com/profile/cyberhacker
_________________________________________________________________________________
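
Mitigation sketch for the issue described above, as an added example that is not part of the original advisory and not the site's code: every stored profile field is encoded at output time, and the link field is restricted to http(s). The field names, sample values and helper functions (h, safe_href, render_profile) are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical profile record as it would come back from storage.
// Values are constructed; the markup in them is a harmless marker.
$profile = [
    'first_name' => 'Alex',
    'last_name'  => 'Doe',
    'location'   => '<b>Steelport</b>',
    'bio'        => '"><i>marker</i>',
    'website'    => 'javascript:void(0)',
];

// Encode for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow only absolute http(s) URLs in href; anything else renders as no link.
function safe_href(string $url): ?string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return h($url);
}

// Every field is encoded, including the name fields, so no field depends
// on input-side filtering having been applied when it was saved.
function render_profile(array $p): string
{
    $out  = '<h1>' . h($p['first_name'] . ' ' . $p['last_name']) . "</h1>\n";
    $out .= '<p class="location">' . h($p['location']) . "</p>\n";
    $out .= '<p class="bio" title="' . h($p['bio']) . '">' . h($p['bio']) . "</p>\n";
    $href = safe_href($p['website']);
    $out .= $href === null
        ? "<p>(no website)</p>\n"
        : '<p><a rel="nofollow noopener" href="' . $href . '">website</a></p>' . "\n";
    return $out;
}

// Defence in depth: explicit charset and a CSP that blocks inline script.
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
echo render_profile($profile);
```

With the constructed record, the markup in location and bio is emitted as inert text (&lt;b&gt;, &quot;&gt;&lt;i&gt;) and the website value is rendered as "(no website)".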