XSS defacement mirror

| | Comments (4)
Since xssed.org appears to be out of action there seems to be a need for an active xss defacement mirror. Some alternatives exist, such as the original XSS disclosure thread on sla.ckers.org or http://bugtraq.byethost22.com/. However these two sites don't offer the ease of use that xssed.org did with reporting xss.

If xssed.org cannot be brought back to life, this is what I would like to see in a defacement mirror:

  • Ability to submit post and cookie data or even tamper data xml
  • Automatic screen/browser-shot of the hole
  • Some level of community control to minimize the number of holes that needs to be moderated by admins
  • Automatic notification to the domain owner using postmaster, hostmaster, abuse, etc
  • Status indicator (validated, fixed, etc)
  • Automatic submission and validation by script src=http://xss-mirror/subandvalidate.js?username or similar technique
  • Published statistics; users, vulns, fixed, etc
I understand that there might be a business model involved here and things might not turn out quite like I had wished. Hopefully someone will take up the torch and either bring xssed back to life or start a new site to fill the gap left behind.


xssed.com lives. I've never heard about the .org - sure it's not a typo?

It's the same site, just a different hostname.

xssed is online, but not exactly active. http://www.xssed.com/archive shows that someone finally approved 2 entries since September. There are almost 8000 xss on hold as of right now. I consider it's current backlogged status to be "inactive or dying" and I would love to see it turn around.

I have emailed them and offered my help, but received no response. Some of my suggestions might be just the thing to help clear out the backlog, but then again maybe not. After all it's just a wish list.

thanks for this site:
we can search by reporter name:
or site name:
or by team:

Well, guess we could spider/crawl what's up and fork our own. Please do feel free to email me if you'd like to work on that project.

No Clean Feed - Stop Internet Censorship in Australia
Creative Commons License
This weblog is licensed under a Creative Commons License.