Dear All,
May we have discussion/views on this topic given at:
http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html
Useful for finding out XSS vulnerabilities.
--
Thanks and Regards:
Parmendra Sharma
Computer Security Analyst
__
Hi Parmendra,
>> You may try different things, for example: if the application is decoding the
>> URL-encoded payloads supplied by the browser and not output-escaping them
>> afterwards, then it might be vulnerable. So you have to try different things.
>> You have to be more diverse.
It means whe
>>While testing for an XSS issue within a website, how can you be so sure that
>>there is no XSS within a parameter?
If it’s escaping the script in HTML entities like &lt; for < then it’s escaping
it well. But don’t be sure; try other variants too.
>>Will u go to inject every variant of the s
Hi OWASP Delhi,
I wish to know the steps or P.O.C to show "DOM based XSS". What are the steps
to show DOM based XSS?
For example, to show reflected XSS, we just enter
in a text box and click
enter and we can see the script getting reflected and then
If the no. is of TATA, I can help u out. Just let me know the number.
Regards
On Wed, Jun 3, 2009 at 1:24 PM, Soi, Dhruv wrote:
> I think most of the time it is done by recovery agencies. They use the
> technique of pretending to be a courier service to grab the address of the
> defaulter and then se