XSS tutorial & filtering

I found this interesting site on XSS. It’s a good tutorial if you want to show a newbie/novice something, and it certainly demonstrates XSS and cookie stealing quite handily.

http://www.steve.org.uk/Hacks/XSS/index.html

It’s a bit thin on the XSS filtering side. There really should be a white paper on XSS filtering techniques. If not, why the hell not? The following looks like a good start…

http://www.ihtb.org/security/xss_hacking_exposed.txt


Nice find, thx.

Ye, some great links there, Wooshy.

[...] XSS? Cross site scripting? What’s that? If that means nothing to you, read xss hacking exposed. The new $wpdb->prepare() function makes protecting SQL queries in WordPress much easier now. via [...]

And let’s not forget, there’s Michael Daw’s very own cheat sheet!

[...] goes back to the post about XSS tutorial and filtering. Now as you may know, the litmus test for XSS is <script>alert(’michael daw woz [...]
