Another set of target types is reflective queries. This covers those of you using query forms, search session engines, search engines, and reflecting parameters: anything that reflects information back. When you look up something on Google, like test, it will say you looked up test and then it lists the items.
If filtering of the queries is left out, it will say you looked up whatever your code is and then it will execute your code. Vulnerable sites include CA.com and Comcast.net, whose operators have known about this for years and still never fixed it. Apple Online Store, Barclays Bank, and Adelaide Bank have also been reported, and most of them have not been fixed.
Another target type is misconfigured 404s, which basically allow cross-site scripting. They reflect information: when you go to a page that is not found, it will tell you X page is not found. If I go to index.html instead of index@html, it will say 'index.html is not found'.
Some people make their own 404s, because they want to have a glamorous 404 that helps the user. But what happens is that the custom page has no protection that filters code-type input. If there is a slash index.html and I say slash, script, alert, it will actually execute it. So in this case, we found that what I call glorified 404s tend to lend a hand to vulnerable 404s altogether, because the standard Apache and the standard IIS 404s are safe.
Vulnerable sites include Bank of America, www.buckknives.com, Russian Institute of Technology, and the BofA Company for military banking.
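The custom 404 behaviour described above, shown beside its corrected form with a small regression check. This is an added example, not code from the talk or from any site named here; the template, function names and probe paths are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Hypothetical "glorified" 404 template that echoes the requested path.
TEMPLATE = ("<html><body><h1>Page not found</h1>"
            "<p>{path} is not found.</p></body></html>")

def render_404_unsafe(raw_path: str) -> str:
    """Custom 404 as described in the text: the path is reflected verbatim."""
    return TEMPLATE.format(path=unquote(raw_path))

def render_404_safe(raw_path: str) -> str:
    """Same page, but the path is HTML-encoded before it enters the markup."""
    return TEMPLATE.format(path=html.escape(unquote(raw_path), quote=True))

def reflects_markup(body: str, raw_path: str) -> bool:
    """True if a path containing markup characters comes back unencoded."""
    path = unquote(raw_path)
    return any(c in path for c in "<>\"'") and path in body

# Constructed probe paths: one ordinary miss, the script/alert case from
# the text, and a harmless tag with a quote to catch attribute contexts.
PROBES = [
    "/index.html",
    "/%3Cscript%3Ealert(1)%3C/script%3E",
    "/%22%3E%3Cb%3Eprobe%3C/b%3E",
]

def check_handler(handler) -> list:
    """Return the probe paths a 404 handler reflects without encoding."""
    return [p for p in PROBES if reflects_markup(handler(p), p)]

if __name__ == "__main__":
    for name, handler in (("unsafe", render_404_unsafe),
                          ("safe", render_404_safe)):
        print(name, "reflects unencoded:", check_handler(handler))
```

Running `check_handler` against a site's own error handler in a test suite catches a custom 404 that regresses to raw reflection.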