[ASCII art banner: PHPLizardo]

________________________________________________________

+----[ Information

Title       : PunBB Cross Site Scripting Vulnerability
Version     : 1.3
Download    : http://punbb.informer.com
Affects     : Moderators and administrators only
Description : A malicious user could steal a moderator's or administrator's session by injecting JavaScript into the title of a topic. The topic subject is passed through sprintf() unencoded in moderate.php, so markup in the subject is rendered as HTML on the moderation page.

+----[ Vulnerable code : moderate.php

1555 | sprintf($lang_forum['Select topic'], $cur_topic['subject'])
...  |
1620 | sprintf($lang_forum['Select topic'], $cur_topic['subject'])

+----[ Patch - unofficial

1555 | sprintf($lang_forum['Select topic'], forum_htmlencode($cur_topic['subject']))
...  |
1620 | sprintf($lang_forum['Select topic'], forum_htmlencode($cur_topic['subject']))

+----[ Video

http://rapidshare.com/files/163337285/PunBB_1.3_Final_Release_Cross_Site_Scripting.rar.html

+----[ Greetings

KPCR, Xylitol, 0vercl0k, Nam_K, Str0ke, Sh0ck, Do', #carib0u
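The following stand-alone script is an added example, not PunBB's code: it puts the vulnerable sprintf() call beside the patched one and runs a simple output check over both. The format string, the stand-in forum_htmlencode() (assumed to behave like htmlspecialchars() with ENT_QUOTES) and the topic subject are all constructed for the example.

```php
<?php
// Added example, not PunBB's code. The 'Select topic' format string is an
// assumption; the real one lives in PunBB's language files.
$lang_forum = ['Select topic' => 'Select topic "%s"'];

// Constructed topic row: the subject is text a forum user controls when posting.
$cur_topic = ['subject' => 'Hello <script>/*constructed*/</script>'];

// Stand-in for PunBB's forum_htmlencode(); assumed to escape < > & " ' like
// htmlspecialchars() with ENT_QUOTES does.
function forum_htmlencode($str)
{
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Before the unofficial patch: the raw subject is interpolated into the page.
function render_vulnerable(array $lang_forum, array $cur_topic)
{
    return sprintf($lang_forum['Select topic'], $cur_topic['subject']);
}

// After the patch (moderate.php lines 1555 and 1620): encode, then interpolate.
function render_patched(array $lang_forum, array $cur_topic)
{
    return sprintf($lang_forum['Select topic'], forum_htmlencode($cur_topic['subject']));
}

// Output-side check a reviewer can run over rendered fragments that should
// contain only text: any surviving tag-like '<x' or '</x' means the encoding
// step was skipped somewhere on the path from user input to HTML.
function contains_raw_markup($html)
{
    return (bool) preg_match('/<\/?[a-z]/i', $html);
}

$vuln = render_vulnerable($lang_forum, $cur_topic);
$safe = render_patched($lang_forum, $cur_topic);

echo "vulnerable: $vuln\n";   // the <script> tag reaches the page unchanged
echo "patched:    $safe\n";   // the tag is rendered as visible text
echo "raw markup in vulnerable output: ", contains_raw_markup($vuln) ? "yes" : "no", "\n";
echo "raw markup in patched output:    ", contains_raw_markup($safe) ? "yes" : "no", "\n";
```

The same check can be pointed at any other place moderate.php echoes $cur_topic['subject'], since the advisory patches two call sites and the bug class is the same wherever the subject is printed without encoding.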