RE: Cross site scripting explained

From: Loki (loki@fatelabs.com)
Date: 12/15/02

Next message: Dave Monnier: "Re: Cross site scripting explained"

Previous message: labs@NGSEC: "[NGSEC] ngGame #2 - Web Authentication II"
In reply to: michael judge: "Cross site scripting explained"
Next in thread: Dave Monnier: "Re: Cross site scripting explained"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Loki" <loki@fatelabs.com>
To: "'michael judge'" <mjudge3414@comcast.net>, <vuln-dev@securityfocus.com>
Date: Sun, 15 Dec 2002 11:04:55 -0600

Take a look at one of several good papers on the subject. This one was
written by NGSSoftware, a company that has authored several auditing
tools and research papers on the subject.

http://www.nextgenss.com/papers/advanced_sql_injection.pdf

Loki
Fate Research Labs
Internet Warfare and Intelligence
http://www.fatelabs.com

-----Original Message-----
From: michael judge [mailto:mjudge3414@comcast.net]
Sent: Sunday, December 15, 2002 4:12 AM
To: vuln-dev@securityfocus.com
Subject: Cross site scripting explained

Can anyone explain to me or point me to a paper that explains exactly
what cross site scripting is, and how it could be useful/cause
problems for someone? Thanks.

Mike

Next message: Dave Monnier: "Re: Cross site scripting explained"
Previous message: labs@NGSEC: "[NGSEC] ngGame #2 - Web Authentication II"
In reply to: michael judge: "Cross site scripting explained"
Next in thread: Dave Monnier: "Re: Cross site scripting explained"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]