From: Glyn (glyng_at_bigfoot.com)
Date: Mon Dec 16 2002 - 05:23:59 CST
Check out Gunter's paper for a concise list of XSS attack techniques:
http://www.technicalinfo.net/papers/CSS.html
> -----Original Message-----
> From: securityarchitect hush.com [mailto:securityarchitect hush.com]
> Sent: 16 December 2002 07:55
> To: webappsec securityfocus.com
> Subject: XSS Strings
>
>
>
> Maybe more for vuln-dev but I have bitten the bullet and
> pulled out wget and perl and am gonna start testing my apps
> for XSS and I need to build the ultimate list of payloads.
>
> For the html tags period I guess it's the classic;
>
> <script>alert(document.cookie)</script>
> <a href="X" onmouseover="alert(document.cookie">
> <javascript ="http://www.host/script.js"
> "javascript:alert(document.cookie)"
> <iframe = c:\>
> <img src = "evil.js">
>
> But I seem to recall some old versions of Netscape run the { etc
>
> Does anyone have a good list of payloads that will cover the
> majority of the options ?
>
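
Added example, not part of the original thread or of the linked paper: a regression check that output encoding renders the strings quoted above inert in HTML text and quoted-attribute contexts. The template, the function names and the EXPECTED allow-list are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Strings quoted in the post above, used only as encoder test input.
PROBES = [
    '<script>alert(document.cookie)</script>',
    '<a href="X" onmouseover="alert(document.cookie">',
    '"javascript:alert(document.cookie)"',
    '<img src = "evil.js">',
]
# Markup the (hypothetical) template is supposed to emit: tag -> attributes.
EXPECTED = {"p": set(), "input": {"value"}}

class MarkupAudit(HTMLParser):
    """Collects every tag or attribute the template did not intend to emit."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag not in EXPECTED:
            self.findings.append(f"unexpected <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name not in EXPECTED.get(tag, set()):
                self.findings.append(f"unexpected attribute {name!r} on <{tag}>")

def render_raw(value):
    # Hypothetical vulnerable template: input is interpolated as-is.
    return f'<p>Hello {value}</p><input value="{value}">'

def render_encoded(value):
    # Same template with HTML entity encoding (quotes included) on output.
    safe = escape(value, quote=True)
    return f'<p>Hello {safe}</p><input value="{safe}">'

def audit(render):
    """Return {probe: findings} after parsing each rendered page."""
    results = {}
    for probe in PROBES:
        parser = MarkupAudit()
        parser.feed(render(probe))
        parser.close()
        results[probe] = parser.findings
    return results

if __name__ == "__main__":
    for label, fn in (("raw", render_raw), ("encoded", render_encoded)):
        print(label, audit(fn))
```

Entity encoding covers only the two contexts this template uses; values placed in URL attributes, script blocks or unquoted attributes need their own context-specific handling.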