After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerable parameters.
It can be used as a powerful dork list so let’s update your scanners and get bounties!
First, here is the list of the most vulnerable parameters along with their frequency.
Dork | Frequency |
---|---|
q | 5.5% |
s | 4.5% |
search | 1.9% |
id | 1.7% |
lang | 1.4% |
keyword | 1.2% |
query | 1.1% |
page | 1.0% |
keywords | 0.8% |
year | 0.8% |
view | 0.8% |
(parameter name missing in source) | 0.8% |
type | 0.7% |
name | 0.7% |
p | 0.7% |
month | 0.6% |
immagine | 0.6% |
list_type | 0.5% |
url | 0.5% |
terms | 0.5% |
categoryid | 0.5% |
key | 0.5% |
l | 0.5% |
begindate | 0.4% |
enddate | 0.4% |
categoryid2 | 0.4% |
t | 0.4% |
cat | 0.4% |
category | 0.4% |
action | 0.4% |
bukva | 0.4% |
redirect_uri | 0.4% |
firstname | 0.4% |
c | 0.4% |
lastname | 0.3% |
uid | 0.3% |
startTime | 0.3% |
eventSearch | 0.3% |
categoryids2 | 0.3% |
categoryids | 0.3% |
sort | 0.3% |
positiontitle | 0.3% |
groupid | 0.3% |
m | 0.3% |
message | 0.3% |
tag | 0.3% |
pn | 0.3% |
title | 0.3% |
orgId | 0.3% |
text | 0.3% |
handler | 0.2% |
myord | 0.2% |
myshownums | 0.2% |
id_site | 0.2% |
city | 0.2% |
search_query | 0.2% |
msg | 0.2% |
sortby | 0.2% |
produkti_po_cena | 0.2% |
produkti_po_ime | 0.2% |
mode | 0.2% |
CODE | 0.2% |
location | 0.2% |
v | 0.2% |
order | 0.2% |
n | 0.2% |
term | 0.2% |
start | 0.2% |
k | 0.2% |
redirect | 0.2% |
ref | 0.2% |
file | 0.2% |
mebel_id | 0.2% |
country | 0.2% |
from | 0.1% |
r | 0.1% |
f | 0.1% |
field%5B%5D | 0.1% |
searchScope | 0.1% |
state | 0.1% |
phone | 0.1% |
Itemid | 0.1% |
lng | 0.1% |
place | 0.1% |
bedrooms | 0.1% |
expand | 0.1% |
e | 0.1% |
price | 0.1% |
d | 0.1% |
path | 0.1% |
address | 0.1% |
day | 0.1% |
display | 0.1% |
a | 0.1% |
error | 0.1% |
form | 0.1% |
language | 0.1% |
mls | 0.1% |
kw | 0.1% |
u | 0.1% |
This second list is almost the same, but with the corresponding path:
Dork | Frequency (%) |
---|---|
/?s= | 3.6 |
/search?q= | 2.5 |
/index.php?lang= | 0.6 |
/pplay/info_prenotazioni.asp?immagine= | 0.6 |
/shared/lgflsearch.php?terms= | 0.5 |
/index.php?page= | 0.4 |
/search?query= | 0.4 |
/en/Telefon-Cam?search= | 0.4 |
/index.php?bukva= | 0.4 |
/pro/events_print_setup.cfm?list_type= | 0.3 |
/pro/events_print_setup.cfm?categoryid= | 0.3 |
/pro/events_print_setup.cfm?categoryid2= | 0.3 |
/?eventSearch= | 0.3 |
/?startTime= | 0.3 |
/pro/events_ical.cfm?categoryids= | 0.3 |
/pro/events_ical.cfm?categoryids2= | 0.3 |
/pro/events_print_setup.cfm?month= | 0.3 |
/pro/events_print_setup.cfm?year= | 0.3 |
/pro/events_print_setup.cfm?begindate= | 0.3 |
/pro/events_print_setup.cfm?enddate= | 0.3 |
/search?keyword= | 0.3 |
/?q= | 0.3 |
/search/?q= | 0.3 |
/index.php?pn= | 0.3 |
/?lang= | 0.3 |
/property/search?uid= | 0.3 |
/index.php?id= | 0.3 |
/search?orgId= | 0.3 |
/products?handler= | 0.2 |
/pro/events_print_setup.cfm?view= | 0.2 |
/pro/events_print_setup.cfm?keywords= | 0.2 |
/?p= | 0.2 |
/search.php?q= | 0.2 |
/?search= | 0.2 |
/pro/minicalendar_detail.cfm?list_type= | 0.2 |
/index.php?produkti_po_cena= | 0.2 |
/index.php?produkti_po_ime= | 0.2 |
/servlet/com.jsbsoft.jtf.core.SG?CODE= | 0.2 |
/login?redirect_uri= | 0.2 |
/connexion?redirect_uri= | 0.2 |
/index.php?action= | 0.2 |
/plugins/actu/listing_actus-front.php?id_site= | 0.2 |
/index.php?mebel_id= | 0.2 |
/search/?search= | 0.2 |
/news/class/index.php?myshownums= | 0.2 |
/news/class/index.php?myord= | 0.2 |
/search.html?searchScope= | 0.1 |
/search?field%5B%5D= | 0.1 |
/videos?tag= | 0.1 |
/videos?place= | 0.1 |
/videos?search= | 0.1 |
/?email= | 0.1 |
/?cat= | 0.1 |
/content.php?expand= | 0.1 |
/?page= | 0.1 |
/search/?s= | 0.1 |
/?keywords= | 0.1 |
/search/?keyword= | 0.1 |
/apps/email/index.jsp?n= | 0.1 |
/?name= | 0.1 |
/?sort= | 0.1 |
/search?search= | 0.1 |
/pro/minicalendar_print_setup.cfm?begindate= | 0.1 |
/pro/minicalendar_print_setup.cfm?enddate= | 0.1 |
/pro/minicalendar_print_setup.cfm?keywords= | 0.1 |
/search-results?q= | 0.1 |
/?listingtypeid= | 0.1 |
/search?s= | 0.1 |
/pro/minicalendar_print_setup.cfm?categoryid2= | 0.1 |
/?bathrooms= | 0.1 |
/?listingagent= | 0.1 |
/?featuredsearchseourl= | 0.1 |
/?squarefeet= | 0.1 |
/?siteid= | 0.1 |
/?bedrooms= | 0.1 |
/?featuredsearch= | 0.1 |
/?price= | 0.1 |
/?maxbuilt= | 0.1 |
/?lsid= | 0.1 |
/?listingtypes= | 0.1 |
/?garages= | 0.1 |
/?maxprice= | 0.1 |
/?minprice= | 0.1 |
/?keywordsany= | 0.1 |
/?yearbuilt= | 0.1 |
/?minbuilt= | 0.1 |
/?subdivision= | 0.1 |
/?lotsizeval= | 0.1 |
/?listingstatusid= | 0.1 |
/?mls= | 0.1 |
/firms/?text= | 0.1 |
/servlet/com.jsbsoft.jtf.core.SG?OBJET= | 0.1 |
/plan_du_site.php?lang= | 0.1 |
/index.php?Itemid= | 0.1 |
/?view= | 0.1 |
/?t= | 0.1 |
/?selat= | 0.1 |
/?selong= | 0.1 |
/?nwlat= | 0.1 |
/?geo= | 0.1 |
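Both tables above use a simple "name | frequency |" layout, which makes them easy to reuse on the defending side: rank the parameter names and use the ranking to decide which query parameters get extra scrutiny in access logs, WAF logging and code review. The following Python is an added example, not code from the original post or its author. The table excerpt, the access-log lines and the hostname `shop.example` are constructed, and treating `redirect_uri`, `redirect`, `url` and `ref` as redirect-target parameters is an assumption made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed excerpt of the tables above, in the page's own "name | frequency |" layout.
FREQ_TABLE = """\
Dork | Frequency |
---|---|
q | 5.5% |
s | 4.5% |
search | 1.9% |
id | 1.7% |
lang | 1.4% |
url | 0.5% |
redirect_uri | 0.4% |
redirect | 0.2% |
ref | 0.2% |
"""

# Assumption: these names from the table are the ones that carry a redirect target.
REDIRECT_PARAMS = {"redirect_uri", "redirect", "url", "ref"}

# Coarse reflected-XSS indicators: a tag opener, a javascript: URL, or an on*= handler.
XSS_MARKERS = re.compile(r"<\s*[a-z!/]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

# Request target in a common-log-format line, e.g. "GET /search?q=x HTTP/1.1".
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def parse_freq_table(text):
    """Parse 'name | 5.5% |' rows (percent sign optional) into {name: float}.
    Header and separator rows are skipped, as are rows with an empty name."""
    freqs = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 2 or not cells[0] or cells[0] in ("Dork", "---"):
            continue
        m = re.fullmatch(r"(\d+(?:\.\d+)?)%?", cells[1])
        if m:
            freqs[cells[0]] = float(m.group(1))
    return freqs


def rank_parameters(freqs, top=5):
    """Names ordered by frequency, highest first: the review/monitoring priority list."""
    return [name for name, _ in sorted(freqs.items(), key=lambda kv: -kv[1])][:top]


def triage_request(target, freqs, own_hosts, min_freq=0.1):
    """Inspect one request target ('/path?query'). Only parameters whose name appears
    in the frequency table with at least min_freq are checked; returns (name, reason) pairs."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if freqs.get(name, 0.0) < min_freq:
            continue
        # parse_qsl decoded once; decoding again catches double-encoded payloads.
        candidates = (value, unquote_plus(value))
        if any(XSS_MARKERS.search(v) for v in candidates):
            findings.append((name, "xss-marker"))
        if name in REDIRECT_PARAMS:
            host = urlsplit(value).hostname  # None for relative paths such as /account
            if host and host not in own_hosts:
                findings.append((name, "external-redirect"))
    return findings


def scan_log(lines, freqs, own_hosts):
    """Return [(request_target, findings)] for every log line with at least one finding."""
    results = []
    for line in lines:
        m = REQ_RE.search(line)
        if m:
            findings = triage_request(m.group(1), freqs, own_hosts)
            if findings:
                results.append((m.group(1), findings))
    return results


# Constructed access-log lines for a site served as shop.example.
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.6 - - [10/Oct/2023:13:55:40 +0000] "GET /login?redirect_uri=https://evil.example/phish HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /login?redirect_uri=/account HTTP/1.1" 302 0',
    '203.0.113.8 - - [10/Oct/2023:13:55:45 +0000] "GET /?s=blue+widgets HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Oct/2023:13:55:50 +0000] "GET /index.php?lang=en%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    freqs = parse_freq_table(FREQ_TABLE)
    print("priority parameters:", rank_parameters(freqs))
    for target, findings in scan_log(LOG_LINES, freqs, {"shop.example"}):
        print(target, "->", findings)
```

The frequency threshold is a prioritisation filter, not a complete detector: a parameter absent from the table is simply not examined, and the marker regex is deliberately coarse, so the output is a review queue for the names the statistics say are most often mishandled rather than a verdict on any single request.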
I hope you enjoy this 🙂
This XSS dork technique is old and has been copied from the Twitter account https://twitter.com/brutelogic
@IAMMUSTAFAQADRI show me proof of that