After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.
It can be used as a powerful dork list so let’s update your scanners and get bounties!
First here is the list of most vulnerable parameters along with their frequency.
| Dork | Frequency |
|---|---|
| q | 5.5% |
| s | 4.5% |
| search | 1.9% |
| id | 1.7% |
| lang | 1.4% |
| keyword | 1.2% |
| query | 1.1% |
| page | 1.0% |
| keywords | 0.8% |
| year | 0.8% |
| view | 0.8% |
| 0.8% | |
| type | 0.7% |
| name | 0.7% |
| p | 0.7% |
| month | 0.6% |
| immagine | 0.6% |
| list_type | 0.5% |
| url | 0.5% |
| terms | 0.5% |
| categoryid | 0.5% |
| key | 0.5% |
| l | 0.5% |
| begindate | 0.4% |
| enddate | 0.4% |
| categoryid2 | 0.4% |
| t | 0.4% |
| cat | 0.4% |
| category | 0.4% |
| action | 0.4% |
| bukva | 0.4% |
| redirect_uri | 0.4% |
| firstname | 0.4% |
| c | 0.4% |
| lastname | 0.3% |
| uid | 0.3% |
| startTime | 0.3% |
| eventSearch | 0.3% |
| categoryids2 | 0.3% |
| categoryids | 0.3% |
| sort | 0.3% |
| positiontitle | 0.3% |
| groupid | 0.3% |
| m | 0.3% |
| message | 0.3% |
| tag | 0.3% |
| pn | 0.3% |
| title | 0.3% |
| orgId | 0.3% |
| text | 0.3% |
| handler | 0.2% |
| myord | 0.2% |
| myshownums | 0.2% |
| id_site | 0.2% |
| city | 0.2% |
| search_query | 0.2% |
| msg | 0.2% |
| sortby | 0.2% |
| produkti_po_cena | 0.2% |
| produkti_po_ime | 0.2% |
| mode | 0.2% |
| CODE | 0.2% |
| location | 0.2% |
| v | 0.2% |
| order | 0.2% |
| n | 0.2% |
| term | 0.2% |
| start | 0.2% |
| k | 0.2% |
| redirect | 0.2% |
| ref | 0.2% |
| file | 0.2% |
| mebel_id | 0.2% |
| country | 0.2% |
| from | 0.1% |
| r | 0.1% |
| f | 0.1% |
| field%5B%5D | 0.1% |
| searchScope | 0.1% |
| state | 0.1% |
| phone | 0.1% |
| Itemid | 0.1% |
| lng | 0.1% |
| place | 0.1% |
| bedrooms | 0.1% |
| expand | 0.1% |
| e | 0.1% |
| price | 0.1% |
| d | 0.1% |
| path | 0.1% |
| address | 0.1% |
| day | 0.1% |
| display | 0.1% |
| a | 0.1% |
| error | 0.1% |
| form | 0.1% |
| language | 0.1% |
| mls | 0.1% |
| kw | 0.1% |
| u | 0.1% |
This second list is almost the same but with corresponding path :
| Dork | Frequency |
|---|---|
| /?s= | 3.6 |
| /search?q= | 2.5 |
| /index.php?lang= | 0.6 |
| /pplay/info_prenotazioni.asp?immagine= | 0.6 |
| /shared/lgflsearch.php?terms= | 0.5 |
| /index.php?page= | 0.4 |
| /search?query= | 0.4 |
| /en/Telefon-Cam?search= | 0.4 |
| /index.php?bukva= | 0.4 |
| /pro/events_print_setup.cfm?list_type= | 0.3 |
| /pro/events_print_setup.cfm?categoryid= | 0.3 |
| /pro/events_print_setup.cfm?categoryid2= | 0.3 |
| /?eventSearch= | 0.3 |
| /?startTime= | 0.3 |
| /pro/events_ical.cfm?categoryids= | 0.3 |
| /pro/events_ical.cfm?categoryids2= | 0.3 |
| /pro/events_print_setup.cfm?month= | 0.3 |
| /pro/events_print_setup.cfm?year= | 0.3 |
| /pro/events_print_setup.cfm?begindate= | 0.3 |
| /pro/events_print_setup.cfm?enddate= | 0.3 |
| /search?keyword= | 0.3 |
| /?q= | 0.3 |
| /search/?q= | 0.3 |
| /index.php?pn= | 0.3 |
| /?lang= | 0.3 |
| /property/search?uid= | 0.3 |
| /index.php?id= | 0.3 |
| /search?orgId= | 0.3 |
| /products?handler= | 0.2 |
| /pro/events_print_setup.cfm?view= | 0.2 |
| /pro/events_print_setup.cfm?keywords= | 0.2 |
| /?p= | 0.2 |
| /search.php?q= | 0.2 |
| /?search= | 0.2 |
| /pro/minicalendar_detail.cfm?list_type= | 0.2 |
| /index.php?produkti_po_cena= | 0.2 |
| /index.php?produkti_po_ime= | 0.2 |
| /servlet/com.jsbsoft.jtf.core.SG?CODE= | 0.2 |
| /login?redirect_uri= | 0.2 |
| /connexion?redirect_uri= | 0.2 |
| /index.php?action= | 0.2 |
| /plugins/actu/listing_actus-front.php?id_site= | 0.2 |
| /index.php?mebel_id= | 0.2 |
| /search/?search= | 0.2 |
| /news/class/index.php?myshownums= | 0.2 |
| /news/class/index.php?myord= | 0.2 |
| /search.html?searchScope= | 0.1 |
| /search?field%5B%5D= | 0.1 |
| /videos?tag= | 0.1 |
| /videos?place= | 0.1 |
| /videos?search= | 0.1 |
| /?email= | 0.1 |
| /?cat= | 0.1 |
| /content.php?expand= | 0.1 |
| /?page= | 0.1 |
| /search/?s= | 0.1 |
| /?keywords= | 0.1 |
| /search/?keyword= | 0.1 |
| /apps/email/index.jsp?n= | 0.1 |
| /?name= | 0.1 |
| /?sort= | 0.1 |
| /search?search= | 0.1 |
| /pro/minicalendar_print_setup.cfm?begindate= | 0.1 |
| /pro/minicalendar_print_setup.cfm?enddate= | 0.1 |
| /pro/minicalendar_print_setup.cfm?keywords= | 0.1 |
| /search-results?q= | 0.1 |
| /?listingtypeid= | 0.1 |
| /search?s= | 0.1 |
| /pro/minicalendar_print_setup.cfm?categoryid2= | 0.1 |
| /?bathrooms= | 0.1 |
| /?listingagent= | 0.1 |
| /?featuredsearchseourl= | 0.1 |
| /?squarefeet= | 0.1 |
| /?siteid= | 0.1 |
| /?bedrooms= | 0.1 |
| /?featuredsearch= | 0.1 |
| /?price= | 0.1 |
| /?maxbuilt= | 0.1 |
| /?lsid= | 0.1 |
| /?listingtypes= | 0.1 |
| /?garages= | 0.1 |
| /?maxprice= | 0.1 |
| /?minprice= | 0.1 |
| /?keywordsany= | 0.1 |
| /?yearbuilt= | 0.1 |
| /?minbuilt= | 0.1 |
| /?subdivision= | 0.1 |
| /?lotsizeval= | 0.1 |
| /?listingstatusid= | 0.1 |
| /?mls= | 0.1 |
| /firms/?text= | 0.1 |
| /servlet/com.jsbsoft.jtf.core.SG?OBJET= | 0.1 |
| /plan_du_site.php?lang= | 0.1 |
| /index.php?Itemid= | 0.1 |
| /?view= | 0.1 |
| /?t= | 0.1 |
| /?selat= | 0.1 |
| /?selong= | 0.1 |
| /?nwlat= | 0.1 |
| /?geo= | 0.1 |
I hope you enjoy this 🙂
This XSS dork technique is old and has been copied from twitter account https://twitter.com/brutelogic
@IAMMUSTAFAQADRI show me proof of that