| Reference | Link |
|---|---|
| Relevant Vendor Bulletins and Patches | |
| Internet Information Server Returns IP Address in HTTP Header (Content-Location) | http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q218180 |
| HTTP Response Splitting | http://www.watchfire.com/securityzone/library/whitepapers.aspx |
| XSS Cheat Sheet by RSnake | http://ha.ckers.org/xss.html |
| URL Encoded Attacks by Gunter Ollmann | http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html |
| (UTF-7) XSS vulnerabilities in Google.com | http://www.watchfire.com/securityzone/advisories/12-21-05.aspx |
| Free Tools | |
| netcat for Windows | |
| Cygwin | http://www.cygwin.com/ |
| lynx | http://lynx.browser.org/ |
| wget | http://www.gnu.org/directory/wget.html |
| General References | |
| RFC 2396: "Uniform Resource Identifiers (URI): Generic Syntax" | http://www.ietf.org/rfc/rfc2396.txt |
| HTML 4.01 FORM specification | http://www.w3.org/TR/html401/interact/forms.html |
| PHP scripting language | http://www.php.net/ |
| ASP.NET scripting language | http://www.asp.net/ |
| Cross-site scripting overview (in French) | http://balteam.multimania.com/Tuts/css.txt |
| CERT advisory | http://www.cert.org/advisories/CA-2000-02.html |
| Hotmail XSS vulnerability | http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security-side.htm |