Tuesday, 23 October 2012


1 CERT Coordination Center. “CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests.” CERT/CC Advisories. 3 February 2000. http://www.cert.org/advisories/CA-2000-02.html

2 The Apache Software Foundation. “Cross Site Scripting Info.” 20 November 2001. http://httpd.apache.org/info/css-security/index.html

3 Dyck, Timothy. “OpenHack Wrap.” eWeek. 2 December 2002. http://www.eweek.com/article2/0,3959,748061,00.asp
© SANS Institute 2003, Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2003, As part of GIAC practical repository. Author retains full rights.
4 Orchard, Leslie Michael. “MTCleanHTMLPlugin.” DecafbadWiki. 19 November 2002. http://www.decafbad.com/twiki/bin/view/Main/MTCleanHTMLPlugin

5 CGISecurity.com. “The Cross Site Scripting FAQ.” May 2002. http://www.cgisecurity.com/articles/xss-faq.shtml

6 Microsoft. “Incorrect MIME Header Can Cause IE to Execute E-mail Attachment.” Microsoft TechNet. 21 September 2001. http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

7 Lindner, Paul. “Preventing Cross-site Scripting Attacks.” Perl.com. 20 February 2002. http://www.perl.com/pub/a/2002/02/20/css.html

8 CERT Coordination Center. “Malicious Tags.”

9 Wang. “Hack FAQ Volume 9.” Neoteker. 19 August 2002. http://www.neoteker.com/artikel/vol9.htm

10 Guninski, Georgi. “IE 5.5 and 5.01 vulnerability — reading at least local and from any host text and parsed html files.” 2000. http://www.guninski.com/dhtmled2.html

11 Netscape. “Persistent Client State HTTP Cookies.” 1999. http://wp.netscape.com/newsref/std/cookie_spec.html

12 The Mozilla Organization. “The Same Origin Policy.” 24 August 2001. http://www.mozilla.org/projects/security/components/same-origin.html

13 CGISecurity.com.

14 Pennington, Bill and Endler, David. “Session Hijacking.” OWASP Application Security Attack Components. http://www.owasp.org/asac/authsession/hijack.shtml

15 NightHawk. “Lycos Mail and Lycos HTMLGear XSS/Cookie Problems Advisory.” SecuriTeam.com Security News. 11 June 2002. http://www.securiteam.com/securitynews/6R0041P60Q.html

16 Endler, David. “The Evolution of Cross-Site Scripting Attacks.” 20 May 2002. http://www.idefense.com/idpapers/XSS.pdf

17 Dyck.

18 DarC KonQuesT. “Squirrel Mail 1.2.7 XSS Exploit.” Bugtraq. Bugtraq@securityfocus.com. 19 September 2002.

19 Morrison, Bruno. “Multiple XSS vulnerabilities in PHPNuke.” Bugdev. bugdev@idea.avet.com.pl. 10 October 2002.

20 Zeus Technology. “Cross Site Scripting.” 9 February 2000. http://support.zeus.com/security/css.html

21 Common Vulnerabilities and Exposures. “CAN-2002-0840.” 8 August 2002. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840

22 Curphey, Mark, et al. “A Guide to Building Secure Web Applications.” 11 September 2002. http://unc.dl.sourceforge.net/sourceforge/owasp/OWASPGuideV1.1.1.pdf

23 CERT Coordination Center. “Understanding Malicious Content Mitigation for Web Developers.” CERT Tech Tips. 2 February 2000. http://www.cert.org/tech_tips/malicious_code_mitigation.html

24 The Apache Software Foundation. “Cross Site Scripting Info: Encoding Examples.” http://httpd.apache.org/info/csssecurity/encoding_examples.html

25 Nakajima, Taku. “Amrita Tour.” 12 November 2002. http://www.braintokyo.jp/research/amrita/rdocs/files/docs/Tour.html

26 Lindner.

27 Obscure. “Bypassing JavaScript Filters – the Flash! Attack.” 25 August 2002. http://eyeonsecurity.org/papers/flash-xss.htm

28 Serna, Fermin. “iPlanet NG-XSS Vulnerability Analysis.” 5 November 2002. http://www.ngsec.com/docs/whitepapers/Iplanet-NG-XSS-analysis.pdf

29 Endler.

30 Bosschert, Thijs. “XSS Vulnerability in Major Websites (Hotmail, Yahoo and Excite).” SecuriTeam.com Security News. 14 November 2002.

31 Pennington and Endler. “Session Hijacking.”

32 Holden, John. “Enhanced security - Checking IP/hardware address against ARP entry in kernel.” 21 April 1998. http://www.apache.org/dist/httpd/contrib/patches/1.3/macaddr.patch

33 Pennington, Bill and Endler, David. “Session Replay.” OWASP Application Security Attack Components. http://www.owasp.org/asac/authsession/replay.shtml

34 Howard, Michael. “Some Bad News and Some Good News.” MSDN Library. 21 October 2002. http://msdn.microsoft.com/library/enus/dncode/html/secure10102002.asp

35 Megacz, Adam. “XWT Foundation Security Advisory.” 29 July 2002. http://www.xwt.org/sop.txt
