Try WebGoat from OWASP http://www.owasp.org/webgoat/
It is a demo web application with XSS and many other problems like SQL Injection. A new version with full installers for Win32 and Linux will be released next week. ---- Jeremy Junginger <[EMAIL PROTECTED]> wrote: > After reading the papers by iDefense and the paper at > http://www.technicalinfo.net/papers/CSS.html , I would like to put a > working example together to familiarize our web developers with XSS > vulnerabilities and their impact on the web site (and business). I > would like to poll the group for interesting ways to demonstrate these > vulnerabilities in a lab environment. Thanks for taking the time to > give your input. > > -Jeremy > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
