XSS, Command and SQL Injection vectors: Beyond the Form
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Wed, 3 Jun 2009 20:03:34 -0400
We are all familiar with XSS via a form field in a web application, but what
about other vectors? The article talks about using User Agent strings, even
logs, object properties and other odd alternative vectors for XSS, SQL and
What other vectors can you think of? Any real world examples?