There is cross site scripting available on this source in the following files:
/redir.php
url/displaylang
/tags.php
test
The POST variable test has been set to [img]JaVaScRiPt:alert(517721760607)[/img]
then again in redir xxs by uri
This XSS variant usually appears when a PHP script is using one of following variables without filtering them:
- PHP_SELF
- REQUEST_URI
- SCRIPT_URL
- SCRIPT_URI
DO NOT USE THIS ON A LIVE SITE!