[WEB SECURITY] WAF XSS Fuzzer?!

gaz Heyes gazheyes at gmail.com
Wed Feb 2 18:03:37 EST 2011


On 2 February 2011 21:36, Ryan Dewhurst <ryandewhurst at gmail.com> wrote:

> I was wondering if such a thing existed and if not, would such a thing be
> possible?
>

I'll probably add it to XSS Rays, it will consist of:-

for(var i=0;i<10;i++) {
 vector = '<img src=1 onerror=alert('+(i+1)+')>';
}

It will probably work for most WAFs as Thornmaker and sdc has already proved
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110202/1cf0aa22/attachment-0003.html>


More information about the websecurity mailing list