XSS cheatsheet

01 11 2005

Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack. It will simply show the underlying methodology and you can infer the rest. Also, please note my XSS page has been replicated by the OWASP 2.0 Guide (Open Web Application Security Project) in the Appendix section with my permission. However, because this is a living document I suggest you continue to use this site to stay up to date.

http://ha.ckers.org/xss.html
