Look for errors by inputting a string instead of a number, "" or "/" instead of a string, or a very long string and a very large number. All these malformed parameters can help us find the place to inject an XSS script.
The "Tag Closer" method is used by inputting non-alphabetic and non-numeric chars
inside a form's input text boxes. These chars could be: ,/,~,!,#,$,%,^,&,-,[,],null(char 255),.(dot)
But the chars that mostly do the job are either " or '. What we do is just insert "> or '> inside
a text box instead of our name/email/username/password, etc.
The best protection against it is filtering and removing from received input any non-alphabetic and non-numeric chars,
and testing to make sure that the filtering system works!

"To make XSS and SQL Injections Leet you must apply Social Engineering"
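One way to apply the filtering advice above and test that it works, as an added example that is not code from the original article. The function names and the sample value alice...42 are assumptions; the html.escape output encoding goes beyond the article's strip-only advice, for fields where punctuation has to be kept.

```python
import html
import re

# Probe characters from the article's list, plus the " ' > used in "> and '>.
# chr(255) is the article's "char 255".
PROBES = ['/', '~', '!', '#', '$', '%', '^', '&', '-', '[', ']', '.',
          chr(255), '"', "'", '>']

_NOT_ASCII_ALNUM = re.compile(r'[^A-Za-z0-9]')

def strip_non_alnum(value):
    """Allow-list filter: keep ASCII letters and digits, drop everything else."""
    return _NOT_ASCII_ALNUM.sub('', value)

def strip_non_alnum_unicode(value):
    """Looser variant: str.isalnum() is Unicode-aware, so chr(255) survives."""
    return ''.join(ch for ch in value if ch.isalnum())

def leaked_probes(filter_fn):
    """Return every probe character that is still present after filter_fn."""
    return [p for p in PROBES if p in filter_fn('alice' + p + '42')]

def render_input(value):
    """Echo a value into a quoted attribute, HTML-encoding it at output time."""
    return '<input name="user" value="%s">' % html.escape(value, quote=True)

def attribute_intact(markup):
    """True if only the template's own four quotes and one '>' remain."""
    return (markup.count('"') == 4 and markup.count('>') == 1
            and "'" not in markup)

if __name__ == '__main__':
    for name, fn in (('ascii', strip_non_alnum),
                     ('unicode', strip_non_alnum_unicode)):
        print(name, 'filter leaks:', leaked_probes(fn))
    for value in ('">', "'>"):  # the two strings the article names
        print(repr(strip_non_alnum(value)), render_input(value))
```

The Unicode-aware variant reports chr(255) as leaked because Python treats it as a letter, which is the kind of gap the testing step is there to catch.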
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.