PDA

View Full Version : Where Nobody Knows You're a Virus



MOP
07-12-2009, 09:01 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/11/AR2009071100683.html

txtaz
07-12-2009, 11:24 AM
Yep it's called XSS(Cross Site Scripting) or SQL injection depending on the backend of the site.

I just wrote an error handler that just sends the referral URL to a dummy "ooopppsss you have a problem" page if I detect any <script> inclusions or sql='somewthing'.

For the most part Microsfts XSS included libraries catches most attacks.