Found XSS on ibash.de - and fixed
Sup
A couple of minutes ago I found an XSS flaw on www.ibash.de.
I already contacted the webmaster. When the flaw is fixed, I’m going to post the malicious script used.
Stay tuned, n0va
Edit:
At 22:15, the webmaster fixed the flaw and replied to my email:
Hi there!
Thanks for the tip. The bug should be fixed now.
We'd be happy to do a partnership!
Best regards,
Semjon Köhnke
As a kinda “reward” he added me to his partner sites: http://ibash.de/partner.html
The search string used was:
"><ScRiPt>alert(String.fromCharCode(112, 108, 122, 32, 102, 105, 120, 32, 120, 115, 115, 44, 32, 107, 116, 104, 120, 98, 97, 105))</sCrIpt>
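Added example, not part of the original post and not ibash.de's code: it decodes the message hidden in the search string above and shows why context-aware output encoding neutralises it where a weak filter does not. The input template and `naive_filter` are hypothetical stand-ins, since the post does not show how the site rendered the search term.

```python
import html
import re

# Search string from the post (leading straight double quote assumed).
SEARCH = ('"><ScRiPt>alert(String.fromCharCode(112, 108, 122, 32, 102, 105, '
          '120, 32, 120, 115, 115, 44, 32, 107, 116, 104, 120, 98, 97, 105))'
          '</sCrIpt>')

# Hypothetical search-box template; the real page markup is not in the post.
TEMPLATE = '<input type="text" name="q" value="%s">'


def decode_charcodes(payload):
    """Recover the text hidden in a String.fromCharCode(...) call."""
    m = re.search(r"String\.fromCharCode\(([\d,\s]+)\)", payload)
    return "".join(chr(int(n)) for n in m.group(1).split(",")) if m else ""


def render_unsafe(term):
    """Echo the term raw into the attribute (the vulnerable pattern)."""
    return TEMPLATE % term


def naive_filter(term):
    """Hypothetical weak defence: case-sensitive tag strip, quote escaping.
    Mixed-case tags and quote-free JavaScript pass through unchanged."""
    term = term.replace("<script>", "").replace("</script>", "")
    return term.replace("'", "\\'")


def render_safe(term):
    """Encode for the HTML attribute context: & < > " ' become entities."""
    return TEMPLATE % html.escape(term, quote=True)


def has_live_script(markup):
    """True if the markup contains an unencoded script tag, any casing."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("hidden message:", decode_charcodes(SEARCH))
    print("raw echo      :", has_live_script(render_unsafe(SEARCH)))
    print("naive filter  :", has_live_script(render_unsafe(naive_filter(SEARCH))))
    print("html.escape   :", has_live_script(render_safe(SEARCH)))
```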