SF-Users V1.0 XSS injection=0D
=0D
Discovered by: Nomenumbra=0D
Date: 5/2/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
The username with which you sign up isn't properly sanitized so it's possible to =0D
insert some javascript there.=0D
=0D
The single quote is filtered so we'll have to use ' or %27. A username like this:=0D
=0D
 would be displayed on the user page as XSS, the rest is left to=0D
your fantasy.=0D
=0D
Nomenumbra/[0x4F4C]