FineArtPost XSS (Cross Site Scripting) Vulnerability

Software : FineArtPost
Date     : 7/1/2012
Vendor   : http://www.fineartpost.com/
Get App. : http://www.fineartpost.com/about_fap/pricing.php
Beta     : http://www.fineartpost.com/fap2/beta.php
Price    : $149.59
Dork     : inurl:"/display_images.php?u_id=" "FineArtPost"
Author   : ITTIHACK
Home     : http://ittihack.com

Vulnerable file : display_images.php

Exploit :
http://site/path/display_images.php?u_id=

Proof of concept:
http://www.greslearthart.com/public/display_images.php?u_id=
http://www.clairecolemanart.com/public/display_images.php?u_id=
http://www.annrutecki.com/public/display_images.php?u_id=
http://www.fineartpost.com/harmon/public/display_images.php?u_id=

#Greetz to: Reinie
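The advisory names the u_id parameter of display_images.php but shows no fix. The block below is an added example, not FineArtPost source code and not from the advisory's author: one way a PHP page can handle u_id so that request data never reaches the response unencoded. It assumes u_id is a numeric user identifier; the function names and the placeholder artist name are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not FineArtPost source code. Assumes u_id is a numeric
// user identifier; all function names here are hypothetical.

/**
 * Return u_id as a positive integer, or null when the raw value is anything
 * other than 1-9 ASCII digits (arrays, markup, signs and whitespace fail).
 */
function parse_user_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the gallery heading and self link from the validated id only. */
function render_gallery_header(int $userId, string $artistName): string
{
    $self = 'display_images.php?' . http_build_query(['u_id' => $userId]);
    return '<h1>' . h($artistName) . '</h1>'
         . '<a href="' . h($self) . '">Gallery ' . $userId . '</a>';
}

// Request handling runs only under a web SAPI so the functions stay reusable.
if (PHP_SAPI !== 'cli') {
    $userId = parse_user_id($_GET['u_id'] ?? null);
    if ($userId === null) {
        // Reject instead of echoing the bad value back in an error page.
        http_response_code(400);
        header('Content-Type: text/plain; charset=UTF-8');
        exit('Invalid u_id');
    }
    header('Content-Type: text/html; charset=UTF-8');
    // Second layer: a policy that blocks inline script if encoding is missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    // Placeholder: a real page would load the artist name from its data store.
    echo render_gallery_header($userId, 'Artist #' . $userId);
}
```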