PaulDotCom mailing list archives
XSS, Command and SQL Injection vectors: Beyond the Form
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Wed, 3 Jun 2009 20:03:34 -0400
We are all familiar with XSS via a form field in a web application, but what about other vectors? The article talks about using User Agent strings, even logs, object properties and other odd alternative vectors for XSS, SQL and command injection.

http://www.irongeek.com/i.php?page=security/xss-sql-and-command-inject-vectors

What other vectors can you think of? Any real world examples?

Adrian