|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 78
Members: 0
Total: 78
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Tutorials and whitepapers about cross-site scripting |
|
Posted: Thu May 27, 2004 9:27 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
Last edited by waraxe on Mon Nov 15, 2004 5:50 pm; edited 1 time in total |
|
|
|
|
|
|
|
Posted: Mon May 31, 2004 6:52 am |
|
|
b0ilz |
Regular user |
|
|
Joined: May 31, 2004 |
Posts: 10 |
|
|
|
|
|
|
|
Of all the xss papers out there you decide to link mine. Thanks I guess.
But this paper is very outdated. It was written in I think 2001, when xss was very new. XSS came out in 2000 I believe, if cert is accurate on that. But the idea of using String.fromCharCode() still works very good for evading filters in web apps. Although it should be noted that you dont have to call it for each character like I did back then. You can issue just one call to the function for multiple characters.
btw, wareaxe. Have you read anything on disclosure policies? Or on nondisclosure? Perhaps this will interest you. it is a great movement which got alot of hackers to quit posting to bugtraq http://web.archive.org/web/20010721001413/http://anti.security.is/ It will make you think about why you are disclosing. what are your motives? |
|
|
|
|
|
Re: Tutorials and whitepapers about cross-site scripting |
|
Posted: Sat Jan 08, 2005 9:55 pm |
|
|
godlessturtle |
Regular user |
|
|
Joined: May 16, 2004 |
Posts: 9 |
Location: turkey/izmir |
|
|
|
|
|
|
link isn2t working can u change it:?? |
|
|
|
|
Posted: Mon Mar 06, 2006 8:00 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
here XXS the bible very complete
Quote: | Real World XSS
Author: David Zimmer <dzzie@yahoo.com>Site: http://sandsprite.com/SleuthArticle Downloads: small_xss_utilities.zip
Section 1
- Introduction
- Prerequisites
- About the Article Downloads
- Impacts (Attack Scenario)
- Impact Summary
Section 2 - Methods of Injection, and filtering
- Injection Points
- Injection methods and filtering
- XSS scripting tips and tricks
Section 3 - Inside the mind, mental walk along of a XSS hack
Section 4 - Conclusion |
http://sandsprite.com/Sleuth/papers/RealWorld_XSS_1.html |
|
|
|
|
Posted: Mon Mar 06, 2006 8:04 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
|
|
|
|
Posted: Wed May 13, 2009 5:21 pm |
|
|
xF34Rx |
Regular user |
|
|
Joined: May 10, 2009 |
Posts: 23 |
|
|
|
|
|
|
|
XSSed.com
Thats like a zone-h of XSS..
Always good to learn from attacks. |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|