Hello,
Try: http://ha.ckers.org/xss.html
- Ben
Konstantin Rozinov wrote:
Does anyone know where I can find a list of sample MALICIOUS data that
I can input into my forms to see how the code reacts?
I'm not looking for any automation or program, just the actual sample
data. I'm trying to do QA on my code.
Any help would be greatly appreciated. Thanks.
On Sat, Nov 29, 2008 at 12:12 AM, Elijah Insua <[EMAIL PROTECTED]> wrote:
Yeah, or these two words: "Filter Input"
Whichever route you take, you also need to do SQL injection cleansing.
scrub, rinse, repeat.
On Fri, Nov 28, 2008 at 8:00 PM, Chris Shiflett <[EMAIL PROTECTED]> wrote:
On Nov 28, 2008, at 16:59, Michele Waldman wrote:
What about inserting a comment
<script>alert('hi');</script>'; delete from users;
Like I'm going to name my table users?
With that one statement they have performed a SQL injection and
HTML injection in one stroke.
Bada bing bada bang bada boom
Next time I display their comment out of the database they are popping up
an alert to every user and my users are gone.
Michele
Two words: escape output
--
Chris Shiflett
http://shiflett.org/
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
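Added example, not part of the original thread or any poster's code: the comment string quoted above is passed through an input filter, stored with a bound parameter, and HTML-escaped when displayed. The table and column names, the `filterComment` helper and its length policy are assumptions made for the illustration, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Constructed input: the comment text quoted in the thread above.
$comment = "<script>alert('hi');</script>'; delete from users;";

// In-memory SQLite so this runs offline (assumes the pdo_sqlite extension).
// The table and column names are assumptions made for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// "Filter input": hypothetical policy for a comment field
// (non-empty, at most 500 bytes, no control characters).
function filterComment(string $raw): ?string
{
    $text = trim($raw);
    if ($text === '' || strlen($text) > 500) {
        return null;
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $text) === 1) {
        return null;
    }
    return $text;
}

$clean = filterComment($comment);
if ($clean === null) {
    exit("comment rejected\n");
}

// SQL side: the value travels as a bound parameter, so the quote and the
// trailing "delete from users" are stored as data and never parsed as SQL.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$insert->execute([':body' => $clean]);

$userCount = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "users remaining: {$userCount}\n";

// "Escape output": encode for the HTML context at display time, so the
// stored <script> element is rendered as text instead of being executed.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo '<p>', htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</p>\n";
}
```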