Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

XSS, Command and SQL Injection vectors: Beyond the Form
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Wed, 3 Jun 2009 20:03:34 -0400

We are all familiar with XSS via a form field in a web application, but what
about other vectors? The article talks about using User Agent strings, even
logs, object properties and other odd alternative vectors for XSS, SQL and
command injection.

http://www.irongeek.com/i.php?page=security/xss-sql-and-command-inject-vectors

What other vectors can you think of? Any real world examples?

Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090603/1ce4ddf0/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]