web application security lab

Interesting Writeup on Google Hacking to find XSS

I’m a few days behind on email, so this is a little old, but Michael Sutton wrote up an interesting post measuring the rate of XSS vulnerability for a few simple search terms. He found that around 17.3% of the sites he checked were vulnerable to XSS on the exact page the search engine sent him to (when querying for things like inurl:"search=xxx" intext:"search results for xxx").

Of course that isn’t the fraction of sites that are vulnerable overall, only what he was able to find at that one URL on each site. The statistic also depends heavily on the search term: other Google dorks could be constructed to return anywhere from 0% to 100% vulnerable pages. Still, it’s interesting, and certainly a valid way to identify large swaths of vulnerable sites at once.

Writing automated scanners to pick up huge chunks of vulnerable sites this way is incredibly easy if you aren’t interested in targeted attacks and are more of an opportunistic exploiter. A JSON interface to a search API would also help cross-domain XSS virus propagation: a payload running in one victim’s browser could query the API for the next batch of likely-vulnerable search pages and spread to them without carrying a target list of its own.
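As an added example (not Michael Sutton’s scanner and not code from this post), here is the dork-to-detection loop in Python with the network part left out: it builds the query string the post describes, rewrites the parameter that held the dork term in a result URL so it carries a probe string, and classifies the response as vulnerable only when the probe’s quote and tag come back unencoded. The hosts under example.test, the parameter names and the three canned responses are constructed for the demo.

```python
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Unique marker plus a quote and a tag: if these come back verbatim the page
# is reflecting attacker input into HTML without encoding it.
MARKER = "zq9xss"
PROBE = f'{MARKER}"><b>{MARKER}</b>'


def build_dork(term: str) -> str:
    """The search-engine query pattern from the post, for a chosen term."""
    return f'inurl:"search={term}" intext:"search results for {term}"'


def inject_probe(url: str, term: str, probe: str = PROBE) -> str:
    """Rewrite the query string so the parameter that held the dork term
    carries the probe instead.  If no parameter holds the term, every
    parameter gets the probe (the opportunistic-scanner approach)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = {k for k, v in pairs if v == term}
    rewritten = [(k, probe if (not hits or k in hits) else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(rewritten)))


def classify(body: str, probe: str = PROBE, marker: str = MARKER) -> str:
    """Verdict for one response body fetched from a probe URL."""
    if probe in body:
        return "vulnerable"          # quote and tag survived: reflected XSS
    if marker in body:
        return "reflected-encoded"   # input echoed, but metacharacters altered
    return "not-reflected"


def scan(term: str, responses: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Map each search-result URL to (probe URL, verdict).
    `responses` stands in for the HTTP fetch of each probe URL; a real
    scanner would GET probe_url and classify the body it gets back."""
    return {url: (inject_probe(url, term), classify(body))
            for url, body in responses.items()}


def vulnerable_fraction(results: dict[str, tuple[str, str]]) -> float:
    """Share of checked pages that reflected the probe unencoded; the 17.3%
    figure in the post is this number over his sample."""
    verdicts = [v for _, v in results.values()]
    return sum(v == "vulnerable" for v in verdicts) / len(verdicts) if verdicts else 0.0


# Constructed responses standing in for what three dork hits would return
# when fetched with the probe in place of "xxx".
SAMPLE_RESPONSES = {
    "http://vuln.example.test/find.php?search=xxx&page=1":
        f'<p>Search results for {PROBE}</p><input name="search" value="{PROBE}">',
    "http://safe.example.test/search.asp?search=xxx":
        f"<p>Search results for {escape(PROBE)}</p>",
    "http://quiet.example.test/results?search=xxx":
        "<p>Search results for your query</p><p>Nothing found.</p>",
}

if __name__ == "__main__":
    print(build_dork("xxx"))
    results = scan("xxx", SAMPLE_RESPONSES)
    for url, (probe_url, verdict) in results.items():
        print(f"{verdict:18} {probe_url}")
    print(f"vulnerable: {vulnerable_fraction(results):.1%}")
```

To turn this into the kind of scanner the paragraph describes, replace SAMPLE_RESPONSES with an HTTP GET of each probe URL returned by the dork. The "reflected-encoded" verdict is deliberately separate from "not-reflected": a page that echoes the marker but mangles the metacharacters is worth a second look with a different probe, since partial or context-specific encoding is a common source of false negatives.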

One Response to “Interesting Writeup on Google Hacking to find XSS”

  1. .:Computer Defense:. » How Prevalent Are XSS Vulnerabilities? Says:

    […] There’s an excellent post over on Michael Sutton’s blog on the prevalence of XSS Vulnerabilities (Hat Tip: ha.ckers.org blog). The post looks first to Mitre’s numbers on XSS and then moves on to searching Google to find XSS, potential search strings, how to automate the process, the actual detection and then provides results. The raw results are below: […]