Tag: xss
The WASC Threat Classification v2.0
by dominee on Jan.04, 2010, under security
The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language and definitions for web security related issues.
utf8_decode bypass
by dominee on Aug.21, 2009, under security
Security risks associated with utf8_decode and XSS filters
BlackHat USA 2009; Eduardo Vela Nava (sirdarckcat) and David Lindsay presented a paper entitled “Our Favorite XSS Filters and How to Attack Them”. Very interesting paper, you should definitely take a look at it.
In this paper, besides other things, they presented a very interesting way to bypass XSS filters using Unicode charcters.
XSS : vuln.php?input=%F6%3Cimg+onmouseover=prompt(/xss/)//%F6%3E
SQLi : index.php?username=test%FC%27%27+or+1=1+–+&password=a
outch.
-
Hell-0!. Welcome to from.hell!
Thanks for dropping by! Feel free to join the discussion by leaving comments, and stay updated by subscribing to the RSS feed. See ya around!
Event Calendar
« Aug 
Oct » September 2010 M T W T F S S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
