Finding URI HTML Injection Opportunities

Query Google to find URI HTML Injection opportunities.

Pretty simple base query…

inurl:"3C*3E" -intext:"3C*3E"

Just add terms like -intext:"Page Not Found" to the query to make it match your needs.

It also helps to add things like HTML tags in the URL to the query. For example:

inurl:"3C*3E" inurl:"font*font" -intext:3C -intext:font

inurl:"3C*3E" inurl:"strong*strong" -intext:3C -intext:strong

It is not perfect, but it can give you an idea of which sites Google routinely indexes with this kind of garbage in the URL.
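The same pattern can be checked from the site owner's side. The following is an added example, not code from the original post: it scans a web server access log for requests whose URL carries an encoded tag pair (the 3C ... 3E shape the queries above look for) and lists the ones answered with a 2xx status. The log lines, function names and combined log format are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/May/2006:10:00:00 +0000] "GET /search?q=%3Cfont%20color%3Dred%3Ehi%3C%2Ffont%3E HTTP/1.1" 200 5120 "-" "Googlebot/2.1"
203.0.113.9 - - [01/May/2006:10:00:02 +0000] "GET /news/%3Cstrong%3Esale%3C/strong%3E HTTP/1.1" 404 312 "-" "Mozilla/5.0"
198.51.100.7 - - [01/May/2006:10:00:05 +0000] "GET /docs/a%3Cb.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.8 - - [01/May/2006:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/May/2006:10:00:11 +0000] "GET /p?x=%253Cstrong%253Eb%253C%252Fstrong%253E HTTP/1.1" 200 700 "-" "Googlebot/2.1"
"""

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# An opening tag followed later by its closing tag, e.g. <font ...>...</font>
TAG_PAIR = re.compile(r"<([a-z][a-z0-9]*)\b[^<>]*>.*?</\1\s*>", re.I | re.S)

def decode(url, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen too."""
    for _ in range(rounds):
        nxt = unquote(url)
        if nxt == url:
            break
        url = nxt
    return url

def find_markup_urls(log_text):
    """Return (url, tag, status) for requests whose URL carries a tag pair."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        url, status = m.group(1), int(m.group(2))
        tag = TAG_PAIR.search(decode(url))
        if tag:
            hits.append((url, tag.group(1).lower(), status))
    return hits

def indexable(hits):
    """Hits answered with 2xx: pages a crawler could index and the queries could match."""
    return [h for h in hits if 200 <= h[2] < 300]
```

A 2xx hit is only a triage signal: each listed page still needs to be reviewed to confirm that the URL-supplied value is HTML-escaped on output, or that the request should have returned a 404.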



  1. Tony Spencer
    May 1, 2006

    I’m appalled that you would be involved in this type of thing, Russ! 🙂

  2. sagbee
    Nov 7, 2006

    Now, what I exactly looking for that. :) Hope you will better understand us more…

  3. yza
    Aug 29, 2007

    Thank you for sharing.

