Reference | Link |
---|---|
Relevant Vendor Bulletins and Patches | |
Internet Information Server Returns IP Address in HTTP Header (Content-Location) | http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q218180 |
HTTP Response Splitting | http://www.watchfire.com/securityzone/library/whitepapers.aspx |
XSS Cheat Sheet by RSnake | http://ha.ckers.org/xss.html |
URL Encoded Attacks by Gunter Ollmann | http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html |
(UTF-7) XSS vulnerabilities in Google.com | http://www.watchfire.com/securityzone/advisories/12-21-05.aspx |
Free Tools | |
netcat for Windows | |
Cygwin | http://www.cygwin.com/ |
lynx | http://lynx.browser.org/ |
wget | http://www.gnu.org/directory/wget.html |
General References | |
RFC 2396: "Uniform Resource Identifiers (URI): Generic Syntax" | http://www.ietf.org/rfc/rfc2396.txt |
HTML 4.01 FORM specification | http://www.w3.org/TR/html401/interact/forms.html |
PHP scripting language | http://www.php.net/ |
ASP.NET scripting language | http://www.asp.net/ |
Cross-site scripting overview (in French) | http://balteam.multimania.com/Tuts/css.txt |
CERT advisory | http://www.cert.org/advisories/CA-2000-02.html |
Hotmail XSS vulnerability | http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security-side.htm |