important!(maybe)

[st3alth]

ok. i have found an xss hole in the ninja_store search engine. http://ninjitsu-technique.com/ninja_store on that page, in the search box type <script>alert("this is an xss found by stealth");</script> and take a look.

this isn't big as far as i know but it could become a bigger issue/other holes may exist.

i noticed admin left, however if you can contact him let him know. the last thing we need is some jackass ,like shayden to actually learn how to exploit these things.

btw this is an example, the string could be other javascript as well.

just thought id put it out there.

update:i forgot to mention that at this stage it means nothing, other than bad coding of the search bar. dont be too worried about this, right now your fine, unless it leads to more vulns.

[Avenger]

nothing happened for me.

[ShinobiWanKenobi]

Sorry, no exploits can be done on the site that I know of.

[st3alth]

yes it can. its not on the forum, its on the store. it works,i just did it try taking out the semicolon.

[Ninja of Shadows]

lol try typing   <script>alert("This is sooooo cool!!");</script>  it's pretty cool

[st3alth]

this site is very badly made. ive easily found three vulns. one in the store 2 in the forum. 1 is unexploitable(meaning you cant do anything with it.) the other is very dangerous. and im sure there are more.
be careful.

[Pandemonium]

What kind of vulns?

[st3alth]

the one in the store is xss. the avatar upload system is flawed ive already uploaded a couple shells. the next vuln is in conjunction with the avatar system. its LFI, meaning you can go to restricted files(i have yet to find the file paths).

p.s. the unexploitable vuln is actually exploitable(the avatar upload system)