PaulDotCom mailing list archives

XSS, Command and SQL Injection vectors: Beyond the Form


From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Wed, 3 Jun 2009 20:03:34 -0400

We are all familiar with XSS via a form field in a web application, but what
about other vectors? The article talks about using User Agent strings, even
logs, object properties and other odd alternative vectors for XSS, SQL and
command injection.

http://www.irongeek.com/i.php?page=security/xss-sql-and-command-inject-vectors

What other vectors can you think of? Any real world examples?

Adrian