The XSS Blacklist #2
May 13th, 2005
Disclaimer
The links below are provided "AS IS" and may be used only for legitimate security analysis purposes. Point Blank Security does not in any way shape or form condone the unauthorized access of systems or priviledged information, and specifically prohibits the use or reproduction of this information for such purposes. In no event shall Point Blank Security be liable for any damages whatsoever arising out of or in connection with the use or dissemination of this information. Any use of this information is at the user's own risk.

 Federal Reserve Bank of New York - Fixed Credit: Vasily Gladky 
 CompUSA Credit: Gary H. Jones II 
 SBC Credit: Gary H. Jones II 
 EPA Credit: Gary H. Jones II 
 ABC News - Fixed Credit: Vasily Gladky 
 BlockBuster (Inject XSS into movie search) Credit: Vasily Gladky 
 BizRate - Fixed Credit: Vasily Gladky 
 CNET Credit: Jeremiah Jacks 
 Geico Insurance Credit: Gary H. Jones II 
 Oracle Credit: Jeremiah Jacks 
 Cingular Credit: Jeremiah Jacks 
 Poetry.com Credit: Gary H. Jones II 
 US Dept. Of State - Fixed Credit: Gary H. Jones II 



 Journal Sentinel Credit: Gary H. Jones II 
 National Institutes of Health Credit: Gary H. Jones II 
 Federal Deposit Insurance Corporation Credit: Gary H. Jones II 
 FedEx Credit: Vasily Gladky 
 DHL (Inject XSS into tracking search number) Credit: Vasily Gladky 
 Internet Movie Database Inc. Credit: Gary H. Jones II 
 Washington Post Credit: Jeremiah Jacks 
 World Bank Credit: Vasily Gladky 
 CBS News Credit: Gary H. Jones II 
 DrudgeReportArchives Credit: Gary H. Jones II 
 Space.com Credit: Gary H. Jones II 
 D-Link Credit: Gary H. Jones II 



 Nortel Networks Credit: Gary H. Jones II 
 ThermalTake Credit: Vasily Gladky 
 M&T Bank Credit: Gary H. Jones II 
 Magellan GPS (Inject XSS into search box) Credit: Gary H. Jones II 
 Go.com Credit: Gary H. Jones II 
 Orbitz.com (Inject XSS into To/From fields) Credit: Gary H. Jones II 
 SonyStyle.com Credit: Gary H. Jones II 
 The Weather Channel Credit: Gary H. Jones II 
 Travelocity Credit: Gary H. Jones II 
 QVC Credit: Gary H. Jones II 
 Asus Credit: Vasily Gladky 
 PcMall Credit: Vasily Gladky 
 JC Penney Credit: Vasily Gladky 
 PetSmart (Inject XSS into search box) Credit: Vasily Gladky 
 Kmart Credit: Vasily Gladky 
 nVidia Credit: Vasily Gladky 
 Chaintech Credit: Vasily Gladky 
 TigerDirect Credit: Vasily Gladky 
 US Dept. of Treasury - Fixed Credit: Vasily Gladky 
 Intelius.com (Inject XSS to First/Last name fields) Credit: Gary H. Jones II