Download
- Open Office Presentation (HTDEXSS) - MD5: DE57EB2E787BB9BF1BF8439C8AB97D56, SHA1: B7D36FA5932151A6DA243FC6E2185DB813987F3E
- PowerPoint Presentation (HTDEXSS) - MD5: 554710551AB8A74C7C2D480C795F4273, SHA1: E57E799B714EC7C3B4AD4DD622ABE009F684690F
- PDF Presentation (HTDEXSS) - MD5: 9831F023911AA3C9CE7F860453AA2C9B, SHA1: 9B3F85C99FD52E6F3EA3735D7704A24776F42822
How to Detect and Exploit 99% of XSS Vulnerabilities
This presentation was given at Intercon 2007 (Portcullis's internal conference). It covers identifying and exploiting the most common XSS vulnerabilities found in real-world applications.
Examples include the following types:
- Classic XSS Vulnerabilities
- In HTML Attributes
- In Comments
- In Javascript Blocks
- DOM Based XSS
- Flash Based XSS
- Direct Linking
The presentation was heavily based on live demonstration, so the slides alone leave gaps you will need to fill in yourself.
Last Updated : 02/04/2008 16:23:40
Related Applications
- BSQL brute forcer V2: Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL queries.
- BSQL Hacker: BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
- DoS Attacks Using SQL Wildcards: This paper discusses abusing Microsoft SQL query wildcards to consume CPU on database servers. This can be achieved using only the search field present in most common web applications.
- Flash Security
- hoppy: HTTP options prober and information disclosure scanner
- Insecure Trends in Web 2.0 Applications
- XSS Shell: XSS Shell is a powerful XSS backdoor. With XSS Shell one can interactively send requests to and get responses from the victim, and it allows you to keep control of the session.