Hello World, for a future project I’ll release within the next two weeks, I am going to search XSS vulnerabilities in Alexa’s 50 most popular homepages out there.

My approach will be documented here, let’s see how far I’ll get

UPDATE: Only 19 homepages left!

• yahoo done by potti
• MSN
• Google
• YouTube done by potti
• MySpace done
• Windows Live
• Orkut
• Microsoft
• Megaupload done
• Blogger
• Ebay done
• hi5 done
• Rapidshare
• Facebook
• Amazon done
• Fotolog done by potti
• Passport.net
• Friendster
• BBC.co.uk done by potti
• IMDB done
• Go.com done by potti
• CraigsList done by potti
• Flickr
• imageshack done by potti
• CNN done by potti
• Photobucket done by potti
• AOL done
• Xanga done
• geocities
• adultfriendfinder
• imagevenue done
• Apple
• Rediff.com done
• Digg done
• Alibaba.com done
• Adobe
• Starware.com
• About.com done by potti
• Badongo
• Sourceforge.net done
• Dailymotion
• Deviantart done
• Wordpress.com done by potti
• Comcast

Note: Some duplicate Google domains are missing.





Did you Like this Post? Try these ones! :)

Wordpress: Akismet XSS Security Flaw (Beware of the Dog!) on May 14th, 2007

Wordpress ZeroDay Vulnerability Roundhouse Kick and why I nearly wrote the first Blog Worm (updated) on July 31st, 2007

2123 Nearly Compromised Blogspot Blogs on August 10th, 2007

SEO Title Tag Wordpress Plugin Vulnerability: Cross-Site Scripting in my own Homepage on August 16th, 2007

Digg, Delicious, Netscape & Technorati Hacked on March 31st, 2007




This entry was posted on Wednesday, March 28th, 2007 at 10:08 and is filed under XSS List, Websecurity, Full Disclosure. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.