Bugtraq mailing list archives

Cross Site Scripting. Many Sites Vulnerable.


From: InterWN Labs <interwn () interwn nl>
Date: 21 Apr 2002 04:07:05 -0000



Hello all.

I think it's been made very clear that cross site
scripting is a problem to most of us that read
bugtraq, but it seems that many high profile
companies, even tech ones, have forgotten
that it can be a serious issue.

I have posted a .txt file on my website that simply 
shows many example links to vulnerable sites
that allow JavaScript execution.

A small list of the sites:

Midway, Corel, NYTimes.com,
AOL, Real Networks, Cisco, IBM,
Oracle, Akamai, FedEx, FoxNews,
Lycos.com (angelfire and tripod),
Geocities, Netcraft, and Sourceforge.

www.whitehouse.gov and www.nipc.gov
are included in the list.

A brief paper will be written soon outlining CSS 
vulns and how to spot and fix them. Hope this is 
useful.

The list can be found at:
www.interwn.nl/release/cssvulns.txt

philer
www.interwn.nl

