HSC Research Group - Advisories
Written by Hackers Center
Tuesday, 19 September 2006 15:20
############################################################### ---------------------------- [HSC] HackersCenter IT Security Research Team --------------------------- ###############################################################
There are still many sites with XSS vulnerabilities. Here I have listed a few well-known sites with such holes. XSS is considered not dangerous, but the truth is different: if you ask those who code, they will tell you how a cleverly written script can be used in this attack to compromise even the server or the website itself. These admins are just some of those who take web security lightly, and sites like Travelzoo and others are a threat to their customers. I personally would not want to shop on a site that has any sort of web security hole. An attacker could exploit this vulnerability to have arbitrary script code execute in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploit: XSS
Most vendors have been notified, but fixing is their call.
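The advisory's impact statement (reflected script running in the site's context and reading session cookies) in working form, as an added example that is not part of the HSC advisory: the same search page rendered unescaped and escaped, plus a session cookie set with HttpOnly so injected script cannot read it via document.cookie. The parameter name `q`, the cookie name `sid` and the probe string are assumptions.

```python
# Added example, not code from the HSC advisory. Demonstrates the reflected
# XSS pattern the advisory describes and the two defender-side controls that
# blunt it: output encoding for the HTML text context and an HttpOnly cookie.
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def render_search_unsafe(query_string: str) -> str:
    """Echoes the 'q' parameter verbatim into the page: reflected XSS."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {q}</h1>"


def render_search_safe(query_string: str) -> str:
    """Same page, but the parameter is HTML-escaped for the text-node context,
    so '<' becomes '&lt;' and the browser never sees a script element."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def session_cookie_header(session_id: str, secure: bool = True) -> str:
    """Builds a Set-Cookie value (cookie name 'sid' is an assumption).
    HttpOnly keeps the value out of document.cookie, which is the channel an
    injected script would use to exfiltrate it; Secure restricts it to TLS."""
    c = SimpleCookie()
    c["sid"] = session_id
    c["sid"]["httponly"] = True
    c["sid"]["secure"] = secure
    c["sid"]["samesite"] = "Lax"  # SameSite support needs Python 3.8+
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()


if __name__ == "__main__":
    # Constructed probe: the harmless canary string a scanner would reflect.
    probe = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print(render_search_unsafe(probe))   # script element survives intact
    print(render_search_safe(probe))     # rendered as literal text
    print(session_cookie_header("EXAMPLE_SESSION_ID"))
```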