Since xssed.org appears to be out of action there seems to be a need for an active xss defacement mirror. Some alternatives exist, such as the original XSS disclosure thread on sla.ckers.org or http://bugtraq.byethost22.com/. However these two sites don't offer the ease of use that xssed.org did with reporting xss.
If xssed.org cannot be brought back to life, this is what I would like to see in a defacement mirror:
If xssed.org cannot be brought back to life, this is what I would like to see in a defacement mirror:
- Ability to submit post and cookie data or even tamper data xml
- Automatic screen/browser-shot of the hole
- Some level of community control to minimize the number of holes that needs to be moderated by admins
- Automatic notification to the domain owner using postmaster, hostmaster, abuse, etc
- Status indicator (validated, fixed, etc)
- Automatic submission and validation by script src=http://xss-mirror/subandvalidate.js?username or similar technique
- Published statistics; users, vulns, fixed, etc
xssed.com lives. I've never heard about the .org - sure it's not a typo?
It's the same site, just a different hostname.
xssed is online, but not exactly active. http://www.xssed.com/archive shows that someone finally approved 2 entries since September. There are almost 8000 xss on hold as of right now. I consider it's current backlogged status to be "inactive or dying" and I would love to see it turn around.
I have emailed them and offered my help, but received no response. Some of my suggestions might be just the thing to help clear out the backlog, but then again maybe not. After all it's just a wish list.
hi
thanks for this site:
http://bugtraq.byethost22.com/
---
we can search by reporter name:
http://bug-traq.co.cc/search.php?reper=anonymouse
or site name:
http://bug-traq.co.cc/search.php?site=nasa
or by team:
http://bug-traq.co.cc/search.php?team=Devilz%20Tm
Well, guess we could spider/crawl what's up and fork our own. Please do feel free to email me if you'd like to work on that project.