----/HELP FiLE: XSSiNG HELP.TXT/---------
-----------------------------=[ XSS ScanneR  1.0 ]=-----------------------------
                                   By Xylitol

I show you 20 dork exemples:

inurl:".php?cmd="
inurl:".php?z="
inurl:".php?q="
inurl:".php?search="
inurl:".php?query="
inurl:".php?searchstring="
inurl:".php?keyword="
inurl:".php?file="
inurl:".php?years="
inurl:".php?txt="
inurl:".php?tag="
inurl:".php?max="
inurl:".php?from="
inurl:".php?author="
inurl:".php?pass="
inurl:".php?feedback="
inurl:".php?mail="
inurl:".php?cat="
inurl:".php?vote="



top level domains for xssing (make your own dork with this TLD):

+--------------------------------------------------------------------------------------------------------------------------------------+
|                                                                  Generic top-level domains                                           |
|--------------------------------------------------------------------------------------------------------------------------------------+
|                                                                           Current                                                    |
|--------------------------------------------------------------------------------------------------------------------------------------+
|     Generic     | .biz   | .com   | .info  | .name  | .net   | .org   | .pro   |                                                     |
+-----------------+--------+--------+--------+--------+--------+--------+--------+--------+-------+--------+---------+-------+---------+
|    Sponsored    | .aero  | .asia  | .cat   | .coop  | .edu   | .gov   | .int   | .jobs  | .mil  | .mobi  | .museum | .tel  | .travel |
+-----------------+--------+-----------------------------------------------------------------------------------------------------------+
| Infrastructure  |.arpa   |                                                                                                           |
+-----------------+--------+-----------------------------------------------------------------------------------------------------------+

domains can have: .gov.cn | .mil.kr | gov.uk | etc..

some extensions:
.html
.asp
.aspx
.jsp
.jspx
.php

etc...
Now you know that, you are the xss dorker's king