XSS VULNERABILITIES STILL IN MANY INTERNATIONAL AND IMPORTANT SITES

Author: SkyOut Date: 18.July 20006 Site: www.eof-project.net

Today I began searching around for XSS flaws, I searched for standard errors in several websites while handling script inputs. As expected I found more and more websites being vulnerable to this type of attack, but for my surprise even very popular sites are vulnerable to this standard vulnerability!

Here you have the complete list of all sites I found in only a few hours:

I just used those two scripts to check the vulnerability in input fields:

1) < script > alert ( 31337 ) < / script >

2) < script > alert ( " XSS " ) < / script >

• polizei.hessen.de [XSS]
• arte-tv.com [XSS]
• sport.ard.de [XSS]
• suchnase.de [XSS]
• killsometime.com [XSS]
• pangora.n24.de [XSS]
• n-tv.de [XSS]
• walmartstores.com [XSS]
• directory.fsf.org [XSS]
• hr-online.de [XSS]
• pcworld.co.uk [XSS]
• pbs.org [XSS]
• online.wsj.com [XSS]
• npr.org [XSS]
• weather.com [XSS]
• mut.de [XSS]
• mitp.de [XSS]
• americanexpress.com [XSS]
• netscape.com [XSS]
• thestreet.com [XSS]
• de.atari.com [XSS]
• ati.com [XSS]
• winamp.com [XSS]

And now its up to you ;) Go to the following sites and type the XSS examples from above into the search field =)

(without the whitespaces of course...)

• evite.com [LINK]
• knuddels.de [LINK]
• gutenberg-gym.de [LINK]
• greenpeace.org.uk [LINK]
• hakin9.org [LINK]

FEEDBACK: vx.sky.out [at] gmail [dot] com