We have not been doing a lot of research and poking lately, in websites or networks...
We will eventually find time, and start looking for throw aways (XSS / SQLi). Please understand that full disclosure is good for everybody, instead of security by obscurity.
In the meantime, check out the Kosova Airlines website at www.flyksa.com
Or you can access their database here. Need I say more about bad coding practices?