Home page logo

webappsec logo WebApp Sec mailing list archives

RE: SQL Injection
From: "WebAppSecurity [Technicalinfo.net]" <webappsec () technicalinfo net>
Date: Wed, 9 Jun 2004 20:09:30 +0100

      There are many many more possibilities for XSS then simply the 
      <script> tag, of course it depends on where the resulting string
      ends up, but simply replacing the <script> tag is *not* enough.

You may want to have a read of http://www.technicalinfo.net/papers/CSS.html
which goes into some of the alternitive atack vectors - and can readily
ported across for SQL insertion... In fact any code insertion attack



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]