Since xssed.org appears to be out of action, there seems to be a need for an active XSS defacement mirror. Some alternatives exist, such as the original XSS disclosure thread on sla.ckers.org or http://bugtraq.byethost22.com/. However, these two sites don't offer the ease of use that xssed.org did for reporting XSS.
If xssed.org cannot be brought back to life, this is what I would like to see in a defacement mirror:
- Ability to submit POST and cookie data, or even Tamper Data XML
- Automatic screen/browser-shot of the hole
- Some level of community control to minimize the number of holes that need to be moderated by admins
- Automatic notification to the domain owner using postmaster, hostmaster, abuse, etc.
- Status indicator (validated, fixed, etc.)
- Automatic submission and validation by script src=http://xss-mirror/subandvalidate.js?username or a similar technique
- Published statistics: users, vulns, fixed, etc.


