Pentest XSS...

Post by luntrus »

Hi forum friends,

link here: http://code.google.com/p/wfuzz/source/b ... SS.txt?r=2
and another database here: http://www.owasp.org/index.php?title=Ca ... setlang=en
and here: http://airodump.net/xss-pentest-plugin- ... scripting/

All checked and blocked by my firekeeper extension, example:
=== Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
htxp://www.google.com/search?client=flock&chan ... utf-8&aq=t

and a good read: http://www.xc0re.net/index.php?p=1_10_Knowledge-Core
Mind you when it starts with " it does not work.....

Just one more example:
=== Triggered rule ===
alert(url_content:"javascript:"; nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)

=== Request URL ===
http://pmw90687.surfcanyon.com/queryRef ... rable=true;
NoScript alerts here and blocks/filters this one out...
Some more tests with firekeeper and in combination with webbug: http://forum.avast.com/index.php?topic=62153.0

luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.19) Gecko/2010062819 Firefox/3.0.19 Flock/2.6.1
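
The two triggered rules quoted in the post, parsed and evaluated against constructed URLs, as an added example that is not part of the original post and is not Firekeeper's own code. It assumes that every option in a rule must hold, that `url_content` is a substring test on the still-encoded URL, that `nocase` makes that test case-insensitive, and that `url_re` is a `/pattern/flags` regex; the function names and the `example` URLs are made up for illustration.

```javascript
// Added example, not Firekeeper's code. Assumed semantics: every option must hold;
// url_content = substring of the still-encoded URL; nocase = ignore case; url_re = /re/flags.
const RULES = [
  'alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)',
  'alert(url_content:"javascript:"; nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)',
];

// Split "action(opt:value; opt; ...)" into the fields that drive matching.
function parseRule(text) {
  const m = /^\s*(\w+)\s*\((.*)\)\s*$/s.exec(text);
  if (!m) throw new Error("not a rule: " + text);
  const rule = { action: m[1], contents: [], regexes: [], nocase: false, msg: "" };
  const optRe = /\s*(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?\s*;/g;
  for (const [, key, raw = ""] of m[2].matchAll(optRe)) {
    const val = raw.startsWith('"') ? raw.slice(1, -1) : raw;
    if (key === "url_content") rule.contents.push(val);
    else if (key === "nocase") rule.nocase = true;
    else if (key === "msg") rule.msg = val;
    else if (key === "url_re") {
      const r = /^\/(.*)\/([a-z]*)$/.exec(val);
      if (!r) throw new Error("bad url_re: " + val);
      rule.regexes.push(new RegExp(r[1], r[2]));
    } // reference: and unknown options do not affect matching
  }
  return rule;
}

// A rule fires only when all url_content strings and all url_re patterns match.
function matches(rule, url) {
  const fold = (s) => (rule.nocase ? s.toLowerCase() : s);
  return rule.contents.every((c) => fold(url).includes(fold(c))) &&
         rule.regexes.every((re) => re.test(url));
}

const PARSED = RULES.map(parseRule);
function scan(url) { return PARSED.filter((r) => matches(r, url)).map((r) => r.msg); }

// Constructed request URLs; the last one is a benign query that still trips rule 2.
const SAMPLE_URLS = [
  "http://shop.example/search?q=%3Cscript%3Ex%3C/script%3E",
  "http://shop.example/go?next=JavaScript:void(0)",
  "http://shop.example/search?q=script+tags+tutorial",
  "http://docs.example/faq?topic=javascript:+the+good+parts",
];
for (const u of SAMPLE_URLS) console.log(scan(u).length ? "ALERT" : "pass ", u, scan(u));
```

The last sample URL shows why a content-only rule such as the `javascript:` one needs tuning or a second condition before it is used for blocking rather than alerting.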