XSS filter to protect from XSS attacks

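XSS Filter is a site where you can try out XSS attacks. Its source code is public as well. What is interesting is that XSS is usually prevented by specifying a whitelist of allowed characters rather than a blacklist, yet this site is putting its effort into strengthening its blacklist.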

But can it be broken yet again with the source in its current state?

  1. MKSeo wrote:

    I’m aware of a person who’s trying to run XSS code against this article. As I’m using WP Captcha-Free, I’m pretty sure that the person is using a browser with JavaScript enabled, i.e., it’s very unlikely that it is a machine.

    I warn you not to do that anymore. Don’t make me pissed off. Otherwise, I’ll track you down by every knowledge that I know of to find out who you really are. Try a proxy or whatever method you know of. I’ll still find you. You once revealed yourself carelessly, and I already have two records of IP addresses and logs. And your ISP has them as well.

    Be warned that even a simple inspection of a website is not allowed in Korea, and what you’re doing constitutes a crime.

    Posted 10 Apr 2009 at 2:16 am

