Also:

XSS in Java apps:
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search

(Obvious) SQL Injection in Java apps:
http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search

XSS in code from O'Reilly and Sun:
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly.com%7Csun.com%29&btnG=Search


On 6 Oct 2006, at 07:45, Gadi Evron wrote:

> Another guy just wrote some more fun keywords to search for:
> http://blogs.securiteam.com/index.php/archives/661
>
> On Thu, 5 Oct 2006, Gadi Evron wrote:
>
>> playing with Google Code Search, as Lev Toger just wrote:
>>
>> Google released a code search engine to catch up with Krugle, Koders, and
>> Codease.
>>
>> Like most of the other Google's tools it can be easily abused for hacking :)
>>
>> To find undisclosed vulnerabilities pass over this code:
>>
>> http://www.google.com/codesearch?q=ugly%7Chack%7Cfixme
>>
>> Or some other interesting combination (Use your favorite ugly code
>> comment).
>> -----
>>
>> http://blogs.securiteam.com/index.php/archives/659
>>
>> SO... ugly? dirty hack?
>>
>>      Gadi.
>>
>>
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php

-- 
Stephen de Vries
Corsaire Ltd
E-mail: [EMAIL PROTECTED]
Tel:    +44 1483 226014
Fax:    +44 1483 226068
Web:    http://www.corsaire.com
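
The two Java queries in the message above, URL-decoded to plain regexes and run over a local source tree for self-audit. This is an added example, not part of the original message; the rule names, function names and sample files are constructed for illustration.

```python
import os
import re

# The two Code Search queries from the message, URL-decoded to plain regexes.
RULES = {
    "xss-jsp-expression": re.compile(r"<%=.*getParameter"),
    "sqli-executequery": re.compile(r"executeQuery.*getParameter"),
}

def scan_text(path, text):
    """Return (rule, path, line_number) for every line matching a rule."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                hits.append((rule, path, number))
    return hits

def scan_tree(root, extensions=(".jsp", ".java")):
    """Scan every JSP/Java file below root (your own checkout)."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(extensions):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits.extend(scan_text(path, handle.read()))
    return hits

# Constructed sample sources (not taken from any real project).
SAMPLES = {
    "hello.jsp": 'Hello <%= request.getParameter("name") %>\n'
                 'Hello <c:out value="${param.name}"/>\n',
    "UserDao.java": 'rs = st.executeQuery("SELECT * FROM u WHERE id=" + req.getParameter("id"));\n'
                    'ps = con.prepareStatement("SELECT * FROM u WHERE id=?");\n'
                    'ps.setString(1, req.getParameter("id"));\n'
                    'rs = ps.executeQuery();\n',
    # Same injection as UserDao line 1, split across two lines: the regex misses it.
    "Indirect.java": 'String id = req.getParameter("id");\n'
                     'rs = st.executeQuery("SELECT * FROM u WHERE id=" + id);\n',
}

def scan_samples():
    """Run the rules over the constructed samples."""
    return [hit for path, text in SAMPLES.items() for hit in scan_text(path, text)]

if __name__ == "__main__":
    for rule, path, number in scan_samples():
        print(f"{path}:{number}: {rule}")
```

Both patterns are line-based, so the escaped JSP output and the PreparedStatement version are correctly left alone, but Indirect.java also passes clean although the parameter still reaches the query. A clean result from these regexes only rules out the "(Obvious)" same-line cases.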




