This page tries to simulate various conditions in which user input may get reflected on an HTML page by server side scripts. This page possibly contains far-fetched, over-stretched
XSS scenarios. But possibility of these scenarios can not be denied given the nature and variety of web application development techniques. Every developer may think differently and thus user input can potentially go ANYWHERE on your page. Purpose of this script is to let developers test their XSS scanners, IDS systems etc.This should be a good way of learning to 'break' into HTML using various ways. I have tried to include most of the scenarios I could think of. And I'm onfident that coupling IDS with this script will multiply the number of test cases. But any additional inputs are welcome and possibly there are hundreds of them. Remember, if this script is coupled with an IDS, the IDS should be able to block ALL XSS. Because user input can be reflected ANYWHERE
Links:
hxxp://h4k.in/xssinexcess
hxxp://blogged-on.de/xss/
Thanks to Kishor.....!!!
