General methods
1. Is it talking to a DB?
   - Is there parameter passing? If yes…
     - Insert a single quote: `'`
2. Can I or someone else see what I type?
   - Is there a forum, blog, guestbook, contact-us page, feedback form, or instant messenger? If yes…
     - Insert `<script>alert('xss')</script>`
3. Does it reference a file?
   - Is it talking about a file on the local file system? If yes…
     - Insert `../../../../../../etc/passwd`, `../../../../../../etc/passwd%00`
     - Insert `../../../../../../windows/win.ini`, `../../../../../../windows/win.ini%00`
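The three probe classes above (a stray single quote, a `<script>` tag, and `../` sequences with an optional `%00` terminator) are also what a defender looks for when triaging web server logs. The following is an added example, not part of the original notes: a small Python scanner that parses constructed access-log lines, URL-decodes each query parameter repeatedly (so double-encoded `..%252F` is still caught), and tags values matching each probe class. The log format, parameter names and IP addresses are all assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not captured from any real server).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /product?id=42 HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "GET /product?id=42' HTTP/1.1" 500 128
10.0.0.7 - - [10/Oct/2023:13:56:02 +0000] "GET /guestbook?msg=%3Cscript%3Ealert('xss')%3C/script%3E HTTP/1.1" 200 300
10.0.0.9 - - [10/Oct/2023:13:56:20 +0000] "GET /download?file=../../../../../../etc/passwd%00 HTTP/1.1" 404 90
10.0.0.9 - - [10/Oct/2023:13:56:25 +0000] "GET /download?file=..%252F..%252Fwindows/win.ini HTTP/1.1" 404 90
10.0.0.2 - - [10/Oct/2023:13:57:00 +0000] "GET /about HTTP/1.1" 200 2048
"""

# Common-log-format style line: client, identity, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value, rounds=3):
    """URL-decode repeatedly until the value stops changing, so that
    double-encoded sequences such as %252F collapse to a plain slash."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(param_value):
    """Return the list of probe classes a decoded parameter value matches.
    These are the same three checks the notes above describe, seen from
    the log side; the single-quote rule is deliberately broad and noisy."""
    v = normalize(param_value)
    low = v.lower()
    hits = []
    if "'" in v:
        hits.append("sqli-probe")
    if re.search(r"<\s*/?\s*script\b", low) or "javascript:" in low:
        hits.append("xss-probe")
    if "../" in v or "..\\" in v:
        hits.append("traversal-probe")
    if "\x00" in v:
        hits.append("null-byte")
    return hits


def scan_log(text):
    """Parse each log line, split its query string, and report
    (client_ip, parameter_name, [probe classes]) for every flagged value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m.group("target")).query
        # parse_qsl performs one round of decoding; normalize() does the rest
        for name, value in parse_qsl(query, keep_blank_values=True):
            tags = classify(value)
            if tags:
                findings.append((m.group("ip"), name, tags))
    return findings


if __name__ == "__main__":
    for ip, param, tags in scan_log(SAMPLE_LOG):
        print(f"{ip} param={param!r} -> {', '.join(tags)}")
```

Treat the output as a triage signal rather than a verdict: a legitimate apostrophe in a search term also trips the single-quote rule. The durable fixes live in the application itself (parameterized queries, context-aware output encoding, and canonicalizing file paths against an allow-listed directory before opening them); the scanner only tells you which endpoints are being poked and with what.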