Alf sent me a very interesting link today that pretty much validates a lot of the fears I’ve had about the potential of XSS in the underground. The link is to an XSS clearinghouse. It’s in German, but you can probably get the idea. Users go to the site and get to see some XSS for free; for others they have to contact the person who found the vulnerabilities. Not only that, but each entry comes with a Google PageRank indicator to let you know how valuable the link is if you are into blackhat SEO.
This is probably nowhere near as dangerous as what it could be used for (redirecting a user or building a link farm out of high PR sites here or there is thankfully one of the least malicious things you could do). However, it is highly likely that this will be used for far more malicious purposes in the not too distant future. I’ve already been asked about people trying to sell exploits, so it’s not like we are years away from this or anything. Pretty scary.