Can someone give me some basic XSS and sql injection scripts? (not what it seems)

Posted by ggfan on Stack Overflow See other posts from Stack Overflow or by ggfan
Published on 2010-05-08T02:45:03Z Indexed on 2010/05/08 2:48 UTC
Read the original article Hit count: 237

Filed under:

xss

|

sql

|

inejection

|

php

I am testing out my scripts to see if they will prevent xss and sql injections. Can someone provide me with some basic but good scripts that would "hack" into my programs. I want to test my scripts before it goes online.

© Stack Overflow or respective owner

Related posts about xss

XSS filtering function in PHP

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Does anyone know of a good function out there for filtering generic input from forms? Zend_Filter_input seems to require prior knowledge of the contents of the input and I'm concerned that using something like HTML Purifier will have a big performance impact. What about something like : http://snipplr… >>> More
A way around XSS?

as seen on Stack Overflow - Search for 'Stack Overflow'
In my page I have an script reference to the autoHeight.js file below. I also have an iframe that I want to resize using this code. In firebug I get this error Error: Permission denied for <http://www.siena.edu> to get property HTMLDocument.body from <https://siteframework.siena.edu>… >>> More
Why isn't ValidateRequest="true" enough for XSS prevention?

as seen on Stack Overflow - Search for 'Stack Overflow'
In the notes for Step 1 in the "How To: Prevent Cross-Site Scripting in ASP.NET" it is stated that you should "not rely on ASP.NET request validation. Treat it as an extra precautionary measure in addition to your own input validation." Why isn't it enough? >>> More
Why Google Wave & iGoogle cannot be XSS injected by a widget

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, If you've used google wave or iGoogle you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe> ? if yes, then how they can't redirect… >>> More
How Google Wave cannot be XSS injected by a widget

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, If you've used google wave you probabely seen that you can insert widgets that are made by third parties without approval. the Question is : How this widgets can't inject XSS or steal the cookies, Are the widgets loaded in an <iframe> ? if yes, then how they can't redirect google wave… >>> More

Related posts about sql

SQL SERVER – Concat Strings in SQL Server using T-SQL – SQL in Sixty Seconds #035 – Video

as seen on SQL Authority - Search for 'SQL Authority'
Concatenating string is one of the most common tasks in SQL Server and every developer has to come across it. We have to concat the string when we have to see the display full name of the person by first name and last name. In this video we will see various methods to concatenate the strings. SQL… >>> More
SQL SERVER – Concat Function in SQL Server – SQL Concatenation

as seen on SQL Authority - Search for 'SQL Authority'
Earlier this week, I was delivering Advanced BI training on the subject of “SQL Server 2008 R2″. I had great time delivering the session. During the session, we talked about SQL Server 2010 Denali. Suddenly one of the attendees suggested his displeasure for the product. He said, even though… >>> More
Error with SQL Server Setup 2012 on Windows 2012

as seen on Server Fault - Search for 'Server Fault'
I am trying to install SQL Server on Windows 2012. I was able to finally get the wizard up and running after making some changes on the server, but now it fails no matter what I do with the following error: TITLE: SQL Server Setup failure. SQL Server Setup has encountered the following error: … >>> More
How can I detect which version of SQL (eg SQL 2008 or SQL Azure)

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to detect which version of SQL I am dealing with to perorm various tasks, I need specifically detect if I am on SQL 2008 or SQL Azure. How can I do this with detection code written in SQL? >>> More
Nested SQL Select statement fails on SQL Server 2000, ok on SQL Server 2005

as seen on Stack Overflow - Search for 'Stack Overflow'
Here is the query: INSERT INTO @TempTable SELECT UserID, Name, Address1 = (SELECT TOP 1 [Address] FROM (SELECT TOP 1 [Address] FROM [UserAddress] ua INNER JOIN UserAddressOrder uo ON ua.UserID = uo.UserID WHERE ua.UserID = u.UserID ORDER BY uo.AddressOrder ASC) q ORDER BY AddressOrder… >>> More