pro(re)gress

XSS reply.it/it/search/?lang=IT&search=<script>alert(1);</script> XSS http://www.reply.it/en/tagSearch?tags=Financial+Reports%3Cscript%3Ealert%281%29;%3C/script%3E mirror (?) - same http://d3v578iyw1eidm.cloudfront.net/ several problems in the jsp scripts (unmanaged null exceptions, data of the template, data, etc) template(?) is visible by requesting a wrong id (?) http://reply.it/it/practices/cloudcomputing/readd,7700- sample of the output (ex. http://reply.it/it/practices/cloudcomputing/readd,7700- ) --------------- < div class = "yui-gc clear" id = "unacolonna" > < div class = "yui-u first" id = "col_2_3_sx" > < div class = "tab" > ^service_link^ ^tag_contenuto^ ^dettaglio_contenuto^ ...

After receiving tons of spam on the website I've decided to ban the whole apnic... previously I've tried to ban only china and korea but without success. Since I've not found anything to ban the whole APNIC I've searched for the assigned classes that they manage. P.S. I've added a few LACNIC just add this in a .htaccess file and the spam from the Asia should be gone #list retrieved from #http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt #Banning APNIC deny from 1.0.0.0/8 deny from 27.0.0.0/8 deny from 36.0.0.0/8 deny from 39.0.0.0/8 deny from 42.0.0.0/8 deny from 43.0.0.0/8 deny from 49.0.0.0/8 deny from 58.0.0.0/8 deny from 59.0.0.0/8 deny from 60.0.0.0/8 deny from 61.0.0.0/8 deny from 101.0.0.0/8 deny from 103.0.0.0/8 deny from 106.0.0.0/8 deny from 110.0.0.0/8 deny from 111.0.0.0/8 deny from 112.0.0.0/8 deny from 113.0.0.0/8 deny from 114.0.0.0/8 deny from 115.0.0.0/8 deny from 116.0.0.0/8 deny from 117.0....

http://host52-172-static.59-217-b.business.telecomitalia.it/fp/halunni.php?Cls=1N sql injection (googled)