XSS tutorial & filtering

I found this interesting site on XSS. It’s a good tutorial if you want to show a newbie/novice something, and it certainly demonstrates XSS and cookie stealing quite handily.

http://www.steve.org.uk/Hacks/XSS/index.html

It’s a bit thin on the XSS filtering side. There really should be a white paper on XSS filtering techniques. If not, why the hell not! The following looks like a good start…

http://www.ihtb.org/security/xss_hacking_exposed.txt

5 Comments so far

  1. Fugitif @ October 30th, 2007

    Nice find, thx

  2. dk @ October 30th, 2007

    Ye some great links there Wooshy.

  3. [...] XSS? Cross site scripting? What’s that? If that means nothing to you, read xss hacking exposed. The new $wpdb->prepare() function makes protecting SQL queries in WordPress much easier now. via [...]

  4. wooshy @ November 1st, 2007

    And let’s not forget, there’s Michael Daw’s very own cheat sheet!

  5. [...] goes back to the post about XSS tutorial and filtering. Now as you may know, the litmus test for XSS is <script>alert(’michael daw woz [...]
