HTML Injection – Revisited

Thegooglecache.com has a write up on one way of googling for sites that have xss / html injection opportunities.

It also helps if you start adding things in the query like html tags in the url. So, for example….

inurl:”3C*3E” inurl:”font*font” -intext:3C -intext:font

or

inurl:”3C*3E” inurl:”strong*strong” -intext:3C -intext:strong

Both comments and pings are currently closed.

One Response to “HTML Injection – Revisited”

  1. [...] Well on last weeks mesothelioma case study I received this comment in my moderation cue. At first glance I just though someone was being cute by comment spamming me with an XSS attack. [...]