Google Dorks for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts to victim site or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. XSS flaws can be difficult to identify and remove from a web application. XSS attacks categorized into three types stored, reflected and DOM Based XSS.

Here’s some updated keywords to find XSS vulnerable site by using Dorks

1/2wayvideochat/index.php?r=
2/elms/subscribe.php?course_id= /elms/subscribe.php?course_id=
3/gen_confirm.php?errmsg= /gen_confirm.php?errmsg=
4/hexjector.php?site= /hexjector.php?site=
5/index.php?option=com_easygb&Itemid=
6/index.php?view=help&faq=1&ref=
7/index.php?view=help&faq=1&ref=
8/info.asp?page=fullstory&key=1&news_type=news&onvan=
9/info.asp?page=fullstory&key=1&news_type=news&onvan=
10/main.php?sid= /main.php?sid=
11/news.php?id= /news.php?id=
12/notice.php?msg= /notice.php?msg=
13/preaspjobboard//Employee/emp_login.asp?msg1=
14/Property-Cpanel.html?pid= /Property-Cpanel.html?pid=
15/schoolmv2/html/studentmain.php?session=
16/search.php?search_keywords= /search.php?search_keywords=
17/ser/parohija.php?id= /ser/parohija.php?id=
18/showproperty.php?id= /showproperty.php?id=
19/site_search.php?sfunction= /site_search.php?sfunction=
20/strane/pas.php?id= /strane/pas.php?id=
21/vehicle/buy_do_search/?order_direction=
22/view.php?PID= /view.php?PID=
23/winners.php?year=2008&type= /winners.php?year=2008&type=
24/winners.php?year=2008&type= /winners.php?year=2008&type=
25index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
26index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”
27intext:”Website by Mile High Creative”
28inurl:”.php?author=”
29inurl:”.php?cat=”
30inurl:”.php?cmd=”
31inurl:”.php?feedback=”
32inurl:”.php?file=”
33inurl:”.php?from=”
34inurl:”.php?keyword=”
35inurl:”.php?mail=”
36inurl:”.php?max=”
37inurl:”.php?pass=”
38inurl:”.php?pass=”
39inurl:”.php?q=”
40inurl:”.php?query=”
41inurl:”.php?search=”
42inurl:”.php?searchstring=”
43inurl:”.php?searchst­ring=”
44inurl:”.php?tag=”
45inurl:”.php?txt=”
46inurl:”.php?vote=”
47inurl:”.php?years=”
48inurl:”.php?z=”
49inurl:”contentPage.php?id=”
50inurl:”displayResource.php?id=”
51inurl:.com/search.asp
52inurl:/poll/default.asp?catid=
53inurl:/products/classified/headersearch.php?sid=
54inurl:/products/orkutclone/scrapbook.php?id=
55inurl:/search_results.php?search=
56inurl:/­search_results.php?se­arch=
57inurl:/search_results.php?search=Search&k=
58inurl:/search_results.php?search=Search&k=
59inurl:”contentPage.php?id=”
60inurl:”displayResource.php?id=”
61inurl:com_feedpostold/feedpost.php?url=
62inurl:headersearch.php?sid=
63inurl:scrapbook.php?id=
64inurl:search.php?q=
65pages/match_report.php?mid= pages/match_report.php?mid=

Leave a Reply

Your email address will not be published.