lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001501c73ebf$43f6ec80$0201a8c0@paycycle.com>
Date: Mon, 22 Jan 2007 23:22:38 -0800
From: "Anurag Agarwal" <anurag.agarwal@...oo.com>
To: <bugtraq@...urityfocus.com>
Subject: xss filter to protect from xss attacks

I have created a xss filter to protect from xss attacks. Though i have 
filtered only for 8 characters but i was able to test against all the 
attacks mentioned in the RSnake's cheat sheet. Appscan was not able to 
detect any xss attacks on it. I request the application security community 
to help test this filter. 90% i am sure that you wont be able to perform any 
xss attack on it, the rest 10% i will find out after the feedback from the 
community. For the curious mind, it is written in java

In case if you are successful in performing xss attack, please do reply to 
this email with your name, browser and the xss attack string.

url - http://www.attacklabs.com/xssfilter/

I appreciate your time and effort. Thanks a lot in advance

regards
Anurag 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ