XSS (Cross Site Scripting) Cheat Sheet
Esp: for filter evasion
By RSnake
Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack. It will simply show the underlying methodology and you can infer the rest. Also, please note my XSS page has been replicated by the OWASP 2.0 Guide in the Appendix section with my permission. However, because this is a living document I suggest you continue to use this site to stay up to date.
Also, please note that most of these cross site scripting vectors have been tested in the browsers listed at the bottom of the page, however, if you have specific concerns about outdated or obscure versions please download them from Evolt. Please see the XML format of the XSS Cheat Sheet if you intend to use CAL9000 or other automated tools. If you have an RSS reader feel free to subscribe to the Web Application Security RSS feed below, or join the forum:
XSS (Cross Site Scripting):XSS locator. Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up. Use the URL encoding calculator below to encode the entire string. Tip: if you're in a rush and need to quickly check a page, often times injecting the depreciated "<![CDATA[" tag will be enough to check to see if something is vulnerable to XSS by messing up the output appreciably:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSSlocator2">XSS locator 2</a>. If you don't have much space and know there is no vulnerable JavaScript on the page, this string is a nice compact XSS injection check. View source after injecting it and look for <XSS verses &lt;XSS to see if it is vulnerable:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_No_filter_evasion">No filter evasion</a>. This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Image_XSS">Image XSS</a>&nbsp;using the JavaScript directive (IE7.0 doesn't support the JavaScript directive in context of an image, but it does in other contexts, but the following show the principles that would work in other tags as well - I'll probably revise this at a later date):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_No_quotes_no_semicolon">No quotes and no semicolon</a>:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Case_insensitive">Case insensitive</a>&nbsp;XSS attack vector:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_HTML_entities">HTML entities</a>&nbsp;(the semicolons are required for this to work):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Grave_accents">Grave accent</a>&nbsp;obfuscation (If you need to use both double and single quotes you can use a grave accent to encapsulate the JavaScript string - this is also useful because lots of cross site scripting filters don't know about grave accents):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Malformed_IMG_tags">Malformed IMG tags</a>. Originally found by&nbsp;<a href="http://www.begeek.it/2006/03/18/esclusivo-vulnerabilita-xss-in-firefox/#more-300" style="color: rgb(0, 0, 0); ">Begeek</a>&nbsp;(but cleaned up and shortened to work in all browsers), this XSS vector uses the relaxed rendering engine to create our XSS vector within an IMG tag that should be encapsulated within quotes. I assume this was originally meant to correct sloppy coding. This would make it significantly more difficult to correctly parse apart an HTML tag:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_fromCharCode">fromCharCode</a>&nbsp;(if no quotes of any kind are allowed you can eval() a fromCharCode in JavaScript to create any XSS vector you need). Click&nbsp;<a href="http://www.wocares.com/noquote.php" style="color: rgb(0, 0, 0); ">here</a>&nbsp;to build your own (thanks to Hannes Leopold):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_UTF-8_Unicode">UTF-8 Unicode</a>&nbsp;encoding (all of the XSS examples that use a javascript: directive inside of an <IMG tag will not work in Firefox or Netscape 8.1+ in the Gecko rendering engine mode). Use the&nbsp;<a href="http://ha.ckers.org/xss.html#XSScalc" style="color: rgb(0, 0, 0); ">XSS calculator</a>&nbsp;for more information:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Long_UTF-8_Unicode">Long UTF-8 Unicode</a>&nbsp;encoding without semicolons (this is often effective in XSS that attempts to look for "&#XX;", since most people don't know about padding - up to 7 numeric characters total). This is also useful against people who decode against strings like $tmp_string =~ s/.*\&amp;#(\d+);.*/$1/; which incorrectly assumes a semicolon is required to terminate a html encoded string (I've seen this in the wild):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Hex_encoding">Hex encoding</a>&nbsp;without semicolons (this is also a viable XSS attack against the above string $tmp_string =~ s/.*\&amp;#(\d+);.*/$1/; which assumes that there is a numeric character following the pound symbol - which is not true with hex HTML characters). Use the&nbsp;<a href="http://ha.ckers.org/xss.html#XSScalc" style="color: rgb(0, 0, 0); ">XSS calculator</a>&nbsp;for more information:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Embedded_tab">Embedded tab</a>&nbsp;to break up the cross site scripting attack:&nbsp;<textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Embedded_encoded_tab">Embedded encoded tab</a>&nbsp;to break up XSS:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Embeded_newline">Embeded newline</a>&nbsp;to break up XSS. Some websites claim that any of the chars 09-13 (decimal) will work for this attack. That is incorrect. Only 09 (horizontal tab), 10 (newline) and 13 (carriage return) work. See the&nbsp;<a href="http://ha.ckers.org/ascii.html" style="color: rgb(0, 0, 0); ">ascii chart</a>&nbsp;for more details. The following four XSS examples illustrate this vector:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Embedded_carriage_return">Embedded carriage return</a>&nbsp;to break up XSS (Note: with the above I am making these strings longer than they have to be because the zeros could be omitted. Often I've seen filters that assume the hex and dec encoding has to be two or three characters. The real rule is 1-7 characters.):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Multiline">Multiline</a>&nbsp;Injected JavaScript using ASCII carriage returns (same as above only a more extreme example of this XSS vector) these are not spaces just one of the three characters as described above:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Null">Null</a>&nbsp;breaks up JavaScript directive. Okay, I lied, null chars also work as XSS vectors but not like above, you need to inject them directly using something like&nbsp;<a href="http://www.portswigger.net/proxy/" style="color: rgb(0, 0, 0); ">Burp Proxy</a>or use in the URL string or if you want to write your own injection tool you can either use&nbsp;<a href="http://www.vim.org/" style="color: rgb(0, 0, 0); ">vim</a>&nbsp;(^V^@ will produce a null) or the following program to generate it into a text file. Okay, I lied again, older versions of Opera (circa 7.11 on Windows) were vulnerable to one additional char 173 (the soft hypen control char). But the null char is much more useful and helped me bypass certain real world filters with a variation on this example:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Null_2">Null</a>&nbsp;breaks up cross site scripting vector. Here is a little known XSS attack vector using null characters. You can actually break up the HTML itself using the same nulls as shown above. I've seen this vector bypass some of the most restrictive XSS filters to date:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Spaces_meta_chars">Spaces and meta chars</a>&nbsp;before the JavaScript in images for XSS (this is useful if the pattern match doesn't take into account spaces in the word "javascript:" -which is correct since that won't render- and makes the false assumption that you can't have a space between the quote and the "javascript:" keyword. The actual reality is you can have any char from 1-32 in decimal):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Non_alpha_non_digit">Non-alpha-non-digit</a>&nbsp;XSS. While I was reading the Firefox HTML parser I found that it assumes a non-alpha-non-digit is not valid after an HTML keyword and therefor considers it to be a whitespace or non-valid token after an HTML tag. The problem is that some XSS filters assume that the tag they are looking for is broken up by whitespace. For example "<SCRIPT\s" != "<SCRIPT/XSS\s":<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Non_alpha_non_digit2">Non-alpha-non-digit part 2</a>&nbsp;XSS. yawnmoth brought my attention to this vector, based on the same idea as above, however, I expanded on it, using my fuzzer. The Gecko rendering engine allows for any character other than letters, numbers or encapsulation chars (like quotes, angle brackets, etc...) between the event handler and the equals sign, making it easier to bypass cross site scripting blocks. Note that this also applies to the grave accent char as seen here:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">IE6.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Non_alpha_non_digit3">Non-alpha-non-digit part 3</a>&nbsp;XSS.&nbsp;<a href="http://www.watchfire.com/" style="color: rgb(0, 0, 0); ">Yair Amit</a>&nbsp;brought this to my attention that there is slightly different behavior between the IE and Gecko rendering engines that allows just a slash between the tag and the parameter with no spaces. This could be useful if the system does not allow spaces.<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Extraneous open brackets">Extraneous open brackets</a>. Submitted by Franz Sedlmaier, this XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorythm like&nbsp;<a href="http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/" style="color: rgb(0, 0, 0); ">Boyer-Moore</a>&nbsp;that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course). The double slash comments out the ending extraneous bracket to supress a JavaScript error:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_No_closing_script_tags">No closing script tags</a>. In Firefox and Netscape 8.1 in the Gecko rendering engine mode you don't actually need the "></SCRIPT>" portion of this Cross Site Scripting vector. Firefox assumes it's safe to close the HTML tag and add closing tags for you. How thoughtful! Unlike the next one, which doesn't effect Firefox, this does not require any additional HTML below it. You can add quotes if you need to, but they're not needed generally, although beware, I have no idea what the HTML will end up looking like once this is injected:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">IE6.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Protocol_resolution">Protocol resolution in script tags</a>. This particular variant was submitted by&nbsp;<a href="http://www.pilorz.net/" style="color: rgb(0, 0, 0); ">Łukasz Pilorz</a>&nbsp;and was based partially off of Ozh's protocol resolution bypass below. This cross site scripting example works in IE, Netscape in IE rendering mode and Opera if you add in a </SCRIPT> tag at the end. However, this is especially useful where space is an issue, and of course, the shorter your domain, the better. The ".j" is valid, regardless of the encoding type because the browser knows it in context of a SCRIPT tag.<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">IE6.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_Half_open">Half open</a>&nbsp;HTML/JavaScript XSS vector. Unlike Firefox the IE rendering engine doesn't add extra data to your page, but it does allow the javascript: directive in images. This is useful as a vector because it doesn't require a close angle bracket. This assumes there is any HTML tag below where you are injecting this cross site scripting vector. Even though there is no close ">" tag the tags below it will close it. A note: this does mess up the HTML, depending on what HTML is beneath it. It gets around&nbsp;<a href="http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-mookhey/bh-us-04-mookhey-up.ppt" style="color: rgb(0, 0, 0); ">the following NIDS regex</a>: /((\%3D)|(=))[^\n]*((\%3C)|<)[^\n]+((\%3E)|>)/ because it doesn't require the end ">". As a side note, this was also affective against a real world XSS filter I came across using an open ended <IFRAME tag instead of an <IMG tag:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Double_open">Double open</a>&nbsp;angle brackets. This is an odd one that&nbsp;<a href="http://www.mitre.org/" style="color: rgb(0, 0, 0); ">Steven Christey</a>&nbsp;brought to my attention. At first I misclassified this as the same XSS vector as above but it's surprisingly different. Using an open angle bracket at the end of the vector instead of a close angle bracket causes different behavior in Netscape Gecko rendering. Without it, Firefox will work but Netscape won't:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">IE6.0</span>|<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">O9.02</span>]</div><br><br><a name="XSS_no_single_double_quotes_semicolon">XSS with no single quotes or double quotes or semicolons</a>:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Escaping_JS_escapes">Escaping JavaScript escapes</a>. When the application is written to output some user information inside of a JavaScript like the following: <SCRIPT>var a="$ENV{QUERY_STRING}";</SCRIPT> and you want to inject your own JavaScript into it but the server side application escapes certain quotes you can circumvent that by escaping their escape character. When this is gets injected it will read <SCRIPT>var a="\\";alert('XSS');//";</SCRIPT> which ends up un-escaping the double quote and causing the Cross Site Scripting vector to fire. The&nbsp;<a href="http://ha.ckers.org/xss.html#XSSlocator" style="color: rgb(0, 0, 0); ">XSS locator</a>uses this method.:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_End_title_tag">End title tag</a>. This is a simple XSS vector that closes <TITLE> tags, which can encapsulate the malicious cross site scripting attack:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_INPUT_image">INPUT image</a>:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_BODY_image">BODY image</a>:<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="ns" style="color: rgb(153, 153, 153); ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="ns" style="color: rgb(153, 153, 153); ">NS8.1-G</span>|<span class="ns" style="color: rgb(153, 153, 153); ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_BODY_tag">BODY tag</a>&nbsp;(I like this method because it doesn't require using any variants of "javascript:" or "<SCRIPT..." to accomplish the XSS attack).&nbsp;<a href="http://x10security.org/" style="color: rgb(0, 0, 0); ">Dan Crowley</a>additionally noted that you can put a space before the equals sign ("onload=" != "onload ="):<br><textarea cols="45" rows="3"></textarea><br><div align="CENTER">Browser support: [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE7.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">IE6.0</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-IE</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">NS8.1-G</span>|<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">FF2.0</span>] [<span class="s" style="color: rgb(0, 0, 17); font-weight: bold; ">O9.02</span>]</div><br><br><a name="XSS_Event_handlers">Event Handlers</a>&nbsp;that can be used in similar XSS attacks to the one above (this is the most comprehensive list on the net, at the time of this writing). Please note I have excluded browser support from this section because each one may have different results in different browsers. Thanks to&nbsp;<a href="http://www.secaron.de/" style="color: rgb(0, 0, 0); ">Rene Ledosquet</a>&nbsp;for the HTML+TIME updates:<br><textarea cols="45" rows="3"></textarea></ul></td></tr></tbody></table></div><p></p><p><b><font color="#ff0000">CopyRights: Please Stop Stealing contents from our site i.e <a href="http://xedlgubaid.blogspot.com/">xedlgubaid.blogspot.com</a> . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site &amp; give credit to our blog/author. Hope you will understand our feelings.</font></b></p></DIV></plaintext></ul></td></tr>
</tbody></table></div></div></div>
<script type='text/javascript'>
var obj0=document.getElementById("post17688240051036827237");
var obj1=document.getElementById("post27688240051036827237");
var s=obj1.innerHTML;
var t=s.substr(0,s.length/2);
var r=t.lastIndexOf("<br>");
if(r>0) {obj0.innerHTML=s.substr(0,r);obj1.innerHTML=s.substr(r+4);}
</script>
</div>
</div>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-1'>
<div class='byline post-share-buttons goog-inline-block'>
<div aria-owns='sharing-popup-Blog1-footer-1-7688240051036827237' class='sharing' data-title='Xss Cheat sheet By R Snake'>
<button aria-controls='sharing-popup-Blog1-footer-1-7688240051036827237' aria-label='Share' class='sharing-button touch-icon-button' id='sharing-button-Blog1-footer-1-7688240051036827237' role='button'>
Share
</button>
<div class='share-buttons-container'>
<ul aria-hidden='true' aria-label='Share' class='share-buttons hidden' id='sharing-popup-Blog1-footer-1-7688240051036827237' role='menu'>
<li>
<span aria-label='Get link' class='sharing-platform-button sharing-element-link' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=7688240051036827237&target=' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Get link'>
<svg class='svg-icon-24 touch-icon sharing-link'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_link_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Get link</span>
</span>
</li>
<li>
<span aria-label='Share to Facebook' class='sharing-platform-button sharing-element-facebook' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=7688240051036827237&target=facebook' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Share to Facebook'>
<svg class='svg-icon-24 touch-icon sharing-facebook'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Facebook</span>
</span>
</li>
<li>
<span aria-label='Share to X' class='sharing-platform-button sharing-element-twitter' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=7688240051036827237&target=twitter' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Share to X'>
<svg class='svg-icon-24 touch-icon sharing-twitter'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>X</span>
</span>
</li>
<li>
<span aria-label='Share to Pinterest' class='sharing-platform-button sharing-element-pinterest' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=7688240051036827237&target=pinterest' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Share to Pinterest'>
<svg class='svg-icon-24 touch-icon sharing-pinterest'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Pinterest</span>
</span>
</li>
<li>
<span aria-label='Email' class='sharing-platform-button sharing-element-email' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=7688240051036827237&target=email' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Email'>
<svg class='svg-icon-24 touch-icon sharing-email'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_email_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Email</span>
</span>
</li>
<li aria-hidden='true' class='hidden'>
<span aria-label='Share to other apps' class='sharing-platform-button sharing-element-other' data-url='https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html' role='menuitem' tabindex='-1' title='Share to other apps'>
<svg class='svg-icon-24 touch-icon sharing-sharingOther'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Other Apps</span>
</span>
</li>
</ul>
</div>
</div>
</div>
<span class='byline'>
<a class='flat-button' href='https://www.blogger.com/email-post/8673717460717349168/7688240051036827237'>Email Post</a>
</span>
</div>
<div class='post-footer-line post-footer-line-2'>
</div>
<div class='post-footer-line post-footer-line-3'>
</div>
</div>
</div>
</div>
<section class='comments embed' data-num-comments='0' id='comments'>
<a name='comments'></a>
<h3 class='title'>Comments</h3>
<div id='Blog1_comments-block-wrapper'>
</div>
<div class='footer'>
<div class='comment-form'>
<a name='comment-form'></a>
<h4 id='comment-post-message'>Post a Comment</h4>
<a href='https://www.blogger.com/comment/frame/8673717460717349168?po=7688240051036827237&hl=en&saa=85391&origin=https://xedlgubaid.blogspot.com&skin=soho&skin=soho' id='comment-editor-src'></a>
<iframe allowtransparency='allowtransparency' class='blogger-iframe-colorize blogger-comment-from-post' frameborder='0' height='90px' id='comment-editor' name='comment-editor' src='' width='100%'></iframe>
<script src='https://www.blogger.com/static/v1/jsbin/1345082660-comment_from_post_iframe.js' type='text/javascript'></script>
<script type='text/javascript'>
BLOG_CMT_createIframe('https://www.blogger.com/rpc_relay.html');
</script>
</div>
</div>
</section>
</div>
</div>
</div><div class='widget HTML' data-version='2' id='HTML2'>
<div class='widget-content'>
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<script>
(adsbygoogle = window.adsbygoogle || []).push({
google_ad_client: "ca-pub-6167673720966948",
enable_page_level_ads: true
});
</script>
</div>
</div><div class='widget PopularPosts' data-version='2' id='PopularPosts1'>
<h3 class='title'>
Popular Posts
</h3>
<div class='widget-content'>
<div role='feed'>
<article class='post' role='article'>
<div class='post no-featured-image'>
<div class='post-header'>
<div class='post-header-line-1'>
<span class='byline post-author vcard'>
<span class='post-author-label'>
Posted by
</span>
<span class='fn'>
<meta content='https://www.blogger.com/profile/18160302846462831031'/>
<a class='g-profile' href='https://www.blogger.com/profile/18160302846462831031' rel='author' title='author profile'>
<span>xedlg ubaid</span>
</a>
</span>
</span>
<span class='byline post-timestamp'>
<meta content='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html'/>
<a class='timestamp-link' href='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' rel='bookmark' title='permanent link'>
<time class='published' datetime='2010-11-28T11:36:00+05:30' title='2010-11-28T11:36:00+05:30'>
November 28, 2010
</time>
</a>
</span>
</div>
</div>
<h3 class='post-title'><a href='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html'>Sql Hack</a></h3>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-0'>
<div class='byline post-share-buttons goog-inline-block'>
<div aria-owns='sharing-popup-PopularPosts1-footer-0-9021399635674094515' class='sharing' data-title='Sql Hack'>
<button aria-controls='sharing-popup-PopularPosts1-footer-0-9021399635674094515' aria-label='Share' class='sharing-button touch-icon-button' id='sharing-button-PopularPosts1-footer-0-9021399635674094515' role='button'>
Share
</button>
<div class='share-buttons-container'>
<ul aria-hidden='true' aria-label='Share' class='share-buttons hidden' id='sharing-popup-PopularPosts1-footer-0-9021399635674094515' role='menu'>
<li>
<span aria-label='Get link' class='sharing-platform-button sharing-element-link' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=9021399635674094515&target=' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Get link'>
<svg class='svg-icon-24 touch-icon sharing-link'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_link_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Get link</span>
</span>
</li>
<li>
<span aria-label='Share to Facebook' class='sharing-platform-button sharing-element-facebook' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=9021399635674094515&target=facebook' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Share to Facebook'>
<svg class='svg-icon-24 touch-icon sharing-facebook'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Facebook</span>
</span>
</li>
<li>
<span aria-label='Share to X' class='sharing-platform-button sharing-element-twitter' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=9021399635674094515&target=twitter' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Share to X'>
<svg class='svg-icon-24 touch-icon sharing-twitter'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>X</span>
</span>
</li>
<li>
<span aria-label='Share to Pinterest' class='sharing-platform-button sharing-element-pinterest' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=9021399635674094515&target=pinterest' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Share to Pinterest'>
<svg class='svg-icon-24 touch-icon sharing-pinterest'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Pinterest</span>
</span>
</li>
<li>
<span aria-label='Email' class='sharing-platform-button sharing-element-email' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=9021399635674094515&target=email' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Email'>
<svg class='svg-icon-24 touch-icon sharing-email'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_email_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Email</span>
</span>
</li>
<li aria-hidden='true' class='hidden'>
<span aria-label='Share to other apps' class='sharing-platform-button sharing-element-other' data-url='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html' role='menuitem' tabindex='-1' title='Share to other apps'>
<svg class='svg-icon-24 touch-icon sharing-sharingOther'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Other Apps</span>
</span>
</li>
</ul>
</div>
</div>
</div>
<span class='byline post-comment-link container'>
<a class='comment-link' href='https://xedlgubaid.blogspot.com/2010/11/sql-hack.html#comments' onclick=''>
Post a Comment
</a>
</span>
</div>
</div>
</div>
</article>
<article class='post' role='article'>
<div class='post no-featured-image'>
<div class='post-header'>
<div class='post-header-line-1'>
<span class='byline post-author vcard'>
<span class='post-author-label'>
Posted by
</span>
<span class='fn'>
<meta content='https://www.blogger.com/profile/18160302846462831031'/>
<a class='g-profile' href='https://www.blogger.com/profile/18160302846462831031' rel='author' title='author profile'>
<span>xedlg ubaid</span>
</a>
</span>
</span>
<span class='byline post-timestamp'>
<meta content='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html'/>
<a class='timestamp-link' href='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' rel='bookmark' title='permanent link'>
<time class='published' datetime='2011-12-16T16:13:00+05:30' title='2011-12-16T16:13:00+05:30'>
December 16, 2011
</time>
</a>
</span>
</div>
</div>
<h3 class='post-title'><a href='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html'>MYSQL Full Tutorial</a></h3>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-0'>
<div class='byline post-share-buttons goog-inline-block'>
<div aria-owns='sharing-popup-PopularPosts1-footer-0-1771343487606285576' class='sharing' data-title='MYSQL Full Tutorial'>
<button aria-controls='sharing-popup-PopularPosts1-footer-0-1771343487606285576' aria-label='Share' class='sharing-button touch-icon-button' id='sharing-button-PopularPosts1-footer-0-1771343487606285576' role='button'>
Share
</button>
<div class='share-buttons-container'>
<ul aria-hidden='true' aria-label='Share' class='share-buttons hidden' id='sharing-popup-PopularPosts1-footer-0-1771343487606285576' role='menu'>
<li>
<span aria-label='Get link' class='sharing-platform-button sharing-element-link' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=1771343487606285576&target=' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Get link'>
<svg class='svg-icon-24 touch-icon sharing-link'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_link_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Get link</span>
</span>
</li>
<li>
<span aria-label='Share to Facebook' class='sharing-platform-button sharing-element-facebook' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=1771343487606285576&target=facebook' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Share to Facebook'>
<svg class='svg-icon-24 touch-icon sharing-facebook'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Facebook</span>
</span>
</li>
<li>
<span aria-label='Share to X' class='sharing-platform-button sharing-element-twitter' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=1771343487606285576&target=twitter' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Share to X'>
<svg class='svg-icon-24 touch-icon sharing-twitter'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>X</span>
</span>
</li>
<li>
<span aria-label='Share to Pinterest' class='sharing-platform-button sharing-element-pinterest' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=1771343487606285576&target=pinterest' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Share to Pinterest'>
<svg class='svg-icon-24 touch-icon sharing-pinterest'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Pinterest</span>
</span>
</li>
<li>
<span aria-label='Email' class='sharing-platform-button sharing-element-email' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=1771343487606285576&target=email' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Email'>
<svg class='svg-icon-24 touch-icon sharing-email'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_email_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Email</span>
</span>
</li>
<li aria-hidden='true' class='hidden'>
<span aria-label='Share to other apps' class='sharing-platform-button sharing-element-other' data-url='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html' role='menuitem' tabindex='-1' title='Share to other apps'>
<svg class='svg-icon-24 touch-icon sharing-sharingOther'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Other Apps</span>
</span>
</li>
</ul>
</div>
</div>
</div>
<span class='byline post-comment-link container'>
<a class='comment-link' href='https://xedlgubaid.blogspot.com/2011/12/mysql-full-tutorial.html#comments' onclick=''>
Post a Comment
</a>
</span>
</div>
</div>
</div>
</article>
<article class='post' role='article'>
<div class='post no-featured-image'>
<div class='post-header'>
<div class='post-header-line-1'>
<span class='byline post-author vcard'>
<span class='post-author-label'>
Posted by
</span>
<span class='fn'>
<meta content='https://www.blogger.com/profile/18160302846462831031'/>
<a class='g-profile' href='https://www.blogger.com/profile/18160302846462831031' rel='author' title='author profile'>
<span>xedlg ubaid</span>
</a>
</span>
</span>
<span class='byline post-timestamp'>
<meta content='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html'/>
<a class='timestamp-link' href='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' rel='bookmark' title='permanent link'>
<time class='published' datetime='2011-12-24T14:02:00+05:30' title='2011-12-24T14:02:00+05:30'>
December 24, 2011
</time>
</a>
</span>
</div>
</div>
<h3 class='post-title'><a href='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html'>SQL Injection [ Bypassing WAF (403 Forbidden) ]</a></h3>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-0'>
<div class='byline post-share-buttons goog-inline-block'>
<div aria-owns='sharing-popup-PopularPosts1-footer-0-4171766193277244816' class='sharing' data-title='SQL Injection [ Bypassing WAF (403 Forbidden) ]'>
<button aria-controls='sharing-popup-PopularPosts1-footer-0-4171766193277244816' aria-label='Share' class='sharing-button touch-icon-button' id='sharing-button-PopularPosts1-footer-0-4171766193277244816' role='button'>
Share
</button>
<div class='share-buttons-container'>
<ul aria-hidden='true' aria-label='Share' class='share-buttons hidden' id='sharing-popup-PopularPosts1-footer-0-4171766193277244816' role='menu'>
<li>
<span aria-label='Get link' class='sharing-platform-button sharing-element-link' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=4171766193277244816&target=' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Get link'>
<svg class='svg-icon-24 touch-icon sharing-link'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_link_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Get link</span>
</span>
</li>
<li>
<span aria-label='Share to Facebook' class='sharing-platform-button sharing-element-facebook' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=4171766193277244816&target=facebook' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Share to Facebook'>
<svg class='svg-icon-24 touch-icon sharing-facebook'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_facebook_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Facebook</span>
</span>
</li>
<li>
<span aria-label='Share to X' class='sharing-platform-button sharing-element-twitter' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=4171766193277244816&target=twitter' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Share to X'>
<svg class='svg-icon-24 touch-icon sharing-twitter'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_twitter_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>X</span>
</span>
</li>
<li>
<span aria-label='Share to Pinterest' class='sharing-platform-button sharing-element-pinterest' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=4171766193277244816&target=pinterest' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Share to Pinterest'>
<svg class='svg-icon-24 touch-icon sharing-pinterest'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_pinterest_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Pinterest</span>
</span>
</li>
<li>
<span aria-label='Email' class='sharing-platform-button sharing-element-email' data-href='https://www.blogger.com/share-post.g?blogID=8673717460717349168&postID=4171766193277244816&target=email' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Email'>
<svg class='svg-icon-24 touch-icon sharing-email'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_24_email_dark' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Email</span>
</span>
</li>
<li aria-hidden='true' class='hidden'>
<span aria-label='Share to other apps' class='sharing-platform-button sharing-element-other' data-url='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html' role='menuitem' tabindex='-1' title='Share to other apps'>
<svg class='svg-icon-24 touch-icon sharing-sharingOther'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_more_horiz_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<span class='platform-sharing-text'>Other Apps</span>
</span>
</li>
</ul>
</div>
</div>
</div>
<span class='byline post-comment-link container'>
<a class='comment-link' href='https://xedlgubaid.blogspot.com/2011/12/sql-injection-bypassing-waf-403.html#comments' onclick=''>
1 comment
</a>
</span>
</div>
</div>
</div>
</article>
</div>
</div>
</div></div>
</main>
</div>
<footer class='footer section' id='footer' name='Footer'><div class='widget Attribution' data-version='2' id='Attribution1'>
<div class='widget-content'>
<div class='blogger'>
<a href='https://www.blogger.com' rel='nofollow'>
<svg class='svg-icon-24'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
Powered by Blogger
</a>
</div>
<div class='image-attribution'>
Theme images by <a href="http://www.offset.com/photos/223311">Matt Vince</a>
</div>
</div>
</div></footer>
</div>
</div>
<aside class='sidebar-container container sidebar-invisible' role='complementary'>
<div class='navigation'>
<svg class='svg-icon-24 touch-icon sidebar-back rtl-reversible-icon'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_arrow_back_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
</div>
<div class='section' id='sidebar' name='Sidebar'>
<div class='widget BlogArchive' data-version='2' id='BlogArchive1'>
<details class='collapsible extendable'>
<summary>
<div class='collapsible-title'>
<h3 class='title'>
Archive
</h3>
<svg class='svg-icon-24 chevron-down'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_expand_more_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<svg class='svg-icon-24 chevron-up'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_expand_less_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
</div>
</summary>
<div class='widget-content'>
<div id='ArchiveList'>
<div id='BlogArchive1_ArchiveList'>
<div class='first-items'>
<ul class='flat'>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2020_07_20_archive.html'>Jul 20<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2017_08_12_archive.html'>Aug 12<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2017_04_22_archive.html'>Apr 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2017_03_11_archive.html'>Mar 11<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_12_27_archive.html'>Dec 27<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_09_02_archive.html'>Sep 02<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_08_22_archive.html'>Aug 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_08_13_archive.html'>Aug 13<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_08_12_archive.html'>Aug 12<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2016_04_19_archive.html'>Apr 19<span class='post-count'>1</span></a>
</li>
</ul>
</div>
<div class='remaining-items'>
<ul class='flat'>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2015_07_07_archive.html'>Jul 07<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2015_06_15_archive.html'>Jun 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2015_06_14_archive.html'>Jun 14<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2014_06_25_archive.html'>Jun 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2014_04_03_archive.html'>Apr 03<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2014_04_01_archive.html'>Apr 01<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_10_19_archive.html'>Oct 19<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_09_09_archive.html'>Sep 09<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_07_12_archive.html'>Jul 12<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_06_06_archive.html'>Jun 06<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_05_25_archive.html'>May 25<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_05_20_archive.html'>May 20<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_05_19_archive.html'>May 19<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_05_18_archive.html'>May 18<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_05_08_archive.html'>May 08<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_26_archive.html'>Apr 26<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_21_archive.html'>Apr 21<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_18_archive.html'>Apr 18<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_17_archive.html'>Apr 17<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_13_archive.html'>Apr 13<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_04_05_archive.html'>Apr 05<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_02_07_archive.html'>Feb 07<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2013_02_06_archive.html'>Feb 06<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_12_13_archive.html'>Dec 13<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_22_archive.html'>Sep 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_10_archive.html'>Sep 10<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_09_archive.html'>Sep 09<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_07_archive.html'>Sep 07<span class='post-count'>5</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_06_archive.html'>Sep 06<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_09_05_archive.html'>Sep 05<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_08_30_archive.html'>Aug 30<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_08_29_archive.html'>Aug 29<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_08_28_archive.html'>Aug 28<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_05_27_archive.html'>May 27<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_05_24_archive.html'>May 24<span class='post-count'>10</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_05_22_archive.html'>May 22<span class='post-count'>15</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_05_12_archive.html'>May 12<span class='post-count'>7</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_01_09_archive.html'>Jan 09<span class='post-count'>17</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_01_08_archive.html'>Jan 08<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_01_07_archive.html'>Jan 07<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2012_01_06_archive.html'>Jan 06<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_28_archive.html'>Dec 28<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_25_archive.html'>Dec 25<span class='post-count'>12</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_24_archive.html'>Dec 24<span class='post-count'>15</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_23_archive.html'>Dec 23<span class='post-count'>12</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_22_archive.html'>Dec 22<span class='post-count'>16</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_21_archive.html'>Dec 21<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_20_archive.html'>Dec 20<span class='post-count'>9</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_19_archive.html'>Dec 19<span class='post-count'>7</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_18_archive.html'>Dec 18<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_16_archive.html'>Dec 16<span class='post-count'>7</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_15_archive.html'>Dec 15<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_13_archive.html'>Dec 13<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_12_archive.html'>Dec 12<span class='post-count'>5</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_11_archive.html'>Dec 11<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_07_archive.html'>Dec 07<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_06_archive.html'>Dec 06<span class='post-count'>11</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_04_archive.html'>Dec 04<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_12_01_archive.html'>Dec 01<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_30_archive.html'>Nov 30<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_27_archive.html'>Nov 27<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_25_archive.html'>Nov 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_24_archive.html'>Nov 24<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_23_archive.html'>Nov 23<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_21_archive.html'>Nov 21<span class='post-count'>5</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_20_archive.html'>Nov 20<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_19_archive.html'>Nov 19<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_17_archive.html'>Nov 17<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_11_16_archive.html'>Nov 16<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_10_25_archive.html'>Oct 25<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_09_16_archive.html'>Sep 16<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_09_09_archive.html'>Sep 09<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_09_07_archive.html'>Sep 07<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_08_15_archive.html'>Aug 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_25_archive.html'>Jul 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_24_archive.html'>Jul 24<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_20_archive.html'>Jul 20<span class='post-count'>7</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_17_archive.html'>Jul 17<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_15_archive.html'>Jul 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_14_archive.html'>Jul 14<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_13_archive.html'>Jul 13<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_10_archive.html'>Jul 10<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_07_05_archive.html'>Jul 05<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_28_archive.html'>Jun 28<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_27_archive.html'>Jun 27<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_22_archive.html'>Jun 22<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_19_archive.html'>Jun 19<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_17_archive.html'>Jun 17<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_16_archive.html'>Jun 16<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_15_archive.html'>Jun 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_11_archive.html'>Jun 11<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_10_archive.html'>Jun 10<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_09_archive.html'>Jun 09<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_07_archive.html'>Jun 07<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_04_archive.html'>Jun 04<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_06_01_archive.html'>Jun 01<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_30_archive.html'>May 30<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_28_archive.html'>May 28<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_25_archive.html'>May 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_24_archive.html'>May 24<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_22_archive.html'>May 22<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_20_archive.html'>May 20<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_16_archive.html'>May 16<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_15_archive.html'>May 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_14_archive.html'>May 14<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_11_archive.html'>May 11<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_07_archive.html'>May 07<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_06_archive.html'>May 06<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_05_03_archive.html'>May 03<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_25_archive.html'>Apr 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_24_archive.html'>Apr 24<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_23_archive.html'>Apr 23<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_22_archive.html'>Apr 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_20_archive.html'>Apr 20<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_19_archive.html'>Apr 19<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_18_archive.html'>Apr 18<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_17_archive.html'>Apr 17<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_15_archive.html'>Apr 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_14_archive.html'>Apr 14<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_13_archive.html'>Apr 13<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_11_archive.html'>Apr 11<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_10_archive.html'>Apr 10<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_08_archive.html'>Apr 08<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_06_archive.html'>Apr 06<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_05_archive.html'>Apr 05<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_04_archive.html'>Apr 04<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_03_archive.html'>Apr 03<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_02_archive.html'>Apr 02<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_04_01_archive.html'>Apr 01<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_03_31_archive.html'>Mar 31<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_03_30_archive.html'>Mar 30<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_03_28_archive.html'>Mar 28<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_03_17_archive.html'>Mar 17<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_03_05_archive.html'>Mar 05<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_02_24_archive.html'>Feb 24<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_02_08_archive.html'>Feb 08<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_02_07_archive.html'>Feb 07<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_02_05_archive.html'>Feb 05<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_27_archive.html'>Jan 27<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_20_archive.html'>Jan 20<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_17_archive.html'>Jan 17<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_16_archive.html'>Jan 16<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_13_archive.html'>Jan 13<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_12_archive.html'>Jan 12<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_11_archive.html'>Jan 11<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_10_archive.html'>Jan 10<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_09_archive.html'>Jan 09<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_08_archive.html'>Jan 08<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2011_01_01_archive.html'>Jan 01<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_30_archive.html'>Dec 30<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_29_archive.html'>Dec 29<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_26_archive.html'>Dec 26<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_23_archive.html'>Dec 23<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_19_archive.html'>Dec 19<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_18_archive.html'>Dec 18<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_17_archive.html'>Dec 17<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_16_archive.html'>Dec 16<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_15_archive.html'>Dec 15<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_14_archive.html'>Dec 14<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_13_archive.html'>Dec 13<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_11_archive.html'>Dec 11<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_09_archive.html'>Dec 09<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_05_archive.html'>Dec 05<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_04_archive.html'>Dec 04<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_12_01_archive.html'>Dec 01<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_30_archive.html'>Nov 30<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_29_archive.html'>Nov 29<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_28_archive.html'>Nov 28<span class='post-count'>5</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_26_archive.html'>Nov 26<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_24_archive.html'>Nov 24<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_23_archive.html'>Nov 23<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_22_archive.html'>Nov 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_21_archive.html'>Nov 21<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_20_archive.html'>Nov 20<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_11_06_archive.html'>Nov 06<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_24_archive.html'>Oct 24<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_21_archive.html'>Oct 21<span class='post-count'>6</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_20_archive.html'>Oct 20<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_19_archive.html'>Oct 19<span class='post-count'>4</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_18_archive.html'>Oct 18<span class='post-count'>5</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_15_archive.html'>Oct 15<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_03_archive.html'>Oct 03<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_10_02_archive.html'>Oct 02<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_09_28_archive.html'>Sep 28<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_09_22_archive.html'>Sep 22<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_09_04_archive.html'>Sep 04<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_08_25_archive.html'>Aug 25<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_08_23_archive.html'>Aug 23<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_08_08_archive.html'>Aug 08<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_07_25_archive.html'>Jul 25<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_07_17_archive.html'>Jul 17<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_07_15_archive.html'>Jul 15<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_06_17_archive.html'>Jun 17<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_06_12_archive.html'>Jun 12<span class='post-count'>2</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_06_06_archive.html'>Jun 06<span class='post-count'>3</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_05_31_archive.html'>May 31<span class='post-count'>1</span></a>
</li>
<li class='archivedate'>
<a href='https://xedlgubaid.blogspot.com/2010_05_28_archive.html'>May 28<span class='post-count'>2</span></a>
</li>
</ul>
</div>
<span class='show-more flat-button'>Show more</span>
<span class='show-less hidden flat-button'>Show less</span>
</div>
</div>
</div>
</details>
</div><div class='widget Label' data-version='2' id='Label1'>
<details class='collapsible extendable'>
<summary>
<div class='collapsible-title'>
<h3 class='title'>
Labels
</h3>
<svg class='svg-icon-24 chevron-down'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_expand_more_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
<svg class='svg-icon-24 chevron-up'>
<use xlink:href='/responsive/sprite_v1_6.css.svg#ic_expand_less_black_24dp' xmlns:xlink='http://www.w3.org/1999/xlink'></use>
</svg>
</div>
</summary>
<div class='widget-content list-label-widget-content'>
<div class='first-items'>
<ul>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Aircel'>Aircel<span class='label-count'>4</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Airtel%20hack'>Airtel hack<span class='label-count'>37</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/All%20P.C%2FLaptop%20Tricks'>All P.C/Laptop Tricks<span class='label-count'>42</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Anti%20Hacking'>Anti Hacking<span class='label-count'>16</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Antivirus'>Antivirus<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Arduino'>Arduino<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Backtrack'>Backtrack<span class='label-count'>11</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/blogger'>blogger<span class='label-count'>5</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Call%20Hack'>Call Hack<span class='label-count'>11</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Chinese%20Mobile%20Setting'>Chinese Mobile Setting<span class='label-count'>4</span></a></li>
</ul>
</div>
<div class='remaining-items'>
<ul>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/e-book'>e-book<span class='label-count'>21</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/eMail%20Hack'>eMail Hack<span class='label-count'>18</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Ethernet%20hack'>Ethernet hack<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Facebook'>Facebook<span class='label-count'>54</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Free%20domains'>Free domains<span class='label-count'>6</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Free%20Downloads'>Free Downloads<span class='label-count'>52</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Funny%20tricks'>Funny tricks<span class='label-count'>16</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Game%20Cheats'>Game Cheats<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Games%20Download'>Games Download<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Google%20tricks'>Google tricks<span class='label-count'>34</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Gprs%20to%20pc%20connect'>Gprs to pc connect<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Hacking'>Hacking<span class='label-count'>145</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Hard%20Reset'>Hard Reset<span class='label-count'>9</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Hellotune'>Hellotune<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/idea%20tricks'>idea tricks<span class='label-count'>6</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Internet%20Plans'>Internet Plans<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Internet%20Tricks'>Internet Tricks<span class='label-count'>57</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Ip%20Address%20hacks'>Ip Address hacks<span class='label-count'>4</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/iphone'>iphone<span class='label-count'>5</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Manually%20Gprs%20setting'>Manually Gprs setting<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Metasploit'>Metasploit<span class='label-count'>6</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Mobile%20Tricks'>Mobile Tricks<span class='label-count'>26</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Msn%20hack'>Msn hack<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/P.c%2FLaptop%20password%20hack'>P.c/Laptop password hack<span class='label-count'>6</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Proxy'>Proxy<span class='label-count'>8</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Reliance%20hack'>Reliance hack<span class='label-count'>8</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/serialkeys'>serialkeys<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Songs%20Download'>Songs Download<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Sports%20news'>Sports news<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Sql%20Injection'>Sql Injection<span class='label-count'>32</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Tricks'>Tricks<span class='label-count'>75</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Uninor'>Uninor<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Useful%20Information'>Useful Information<span class='label-count'>36</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/useful%20sites'>useful sites<span class='label-count'>51</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Videocon'>Videocon<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/virus'>virus<span class='label-count'>8</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/Vodafone'>Vodafone<span class='label-count'>2</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/vpn'>vpn<span class='label-count'>1</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/website%20tricks'>website tricks<span class='label-count'>44</span></a></li>
<li><a class='label-name' href='https://xedlgubaid.blogspot.com/search/label/wordpress'>wordpress<span class='label-count'>2</span></a></li>
</ul>
</div>
<span class='show-more flat-button'>Show more</span>
<span class='show-less hidden flat-button'>Show less</span>
</div>
</details>
</div><div class='widget ReportAbuse' data-version='2' id='ReportAbuse1'>
<h3 class='title'>
<a class='report_abuse' href='https://www.blogger.com/go/report-abuse' rel='noopener nofollow' target='_blank'>
Report Abuse
</a>
</h3>
</div></div>
</aside>
<script type="text/javascript" src="https://resources.blogblog.com/blogblog/data/res/3621791130-fancy_compiled.js" async="true"></script>
<script type='text/javascript'>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-40320229-1', 'auto', 'blogger');
ga('blogger.send', 'pageview');
</script>
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1581542668-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY43Ws-JB6vYJnpElicEXtwDdkJZKw:1765424931750';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d8673717460717349168','//xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html','8673717460717349168');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '8673717460717349168', 'title': 'Cyber Security Coding Diy', 'url': 'https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html', 'canonicalUrl': 'https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html', 'homepageUrl': 'https://xedlgubaid.blogspot.com/', 'searchUrl': 'https://xedlgubaid.blogspot.com/search', 'canonicalHomepageUrl': 'https://xedlgubaid.blogspot.com/', 'blogspotFaviconUrl': 'https://xedlgubaid.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-40320229-1', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Security Coding Diy - Atom\x22 href\x3d\x22https://xedlgubaid.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Cyber Security Coding Diy - RSS\x22 href\x3d\x22https://xedlgubaid.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Security Coding Diy - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/8673717460717349168/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Security Coding Diy - Atom\x22 href\x3d\x22https://xedlgubaid.blogspot.com/feeds/7688240051036827237/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-6167673720966948', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/a086d31c20bf4e54', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'pWn m0r3 \x26gt;\x26gt;', 'pageType': 'item', 'postId': '7688240051036827237', 'postImageUrl': 'http://ha.ckers.org/images/84844372/rsnake/hackers.jpg', 'pageName': 'Xss Cheat sheet By R Snake', 'pageTitle': 'Cyber Security Coding Diy: Xss Cheat sheet By R Snake', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true, 'variant': 'fancy_neon', 'variantId': 'fancy_neon'}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Xss Cheat sheet By R Snake', 'description': 'Cyber Security tutorials,Latest Gadget Revies, Common Windows Linux \x26 android problem fixes \x26 tutorials, Techno news', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uacdwq42kSZLAqRmJcVnwKv6LIYL16x30iDHyBr4nYg4j4YgQWinLBfkljZW7kfHJK5LdkRWuOLoTx3ZJn_FBeYOZQRHLZ_aqz89uDjrn49uwWfu6AaFKi', 'url': 'https://xedlgubaid.blogspot.com/2011/12/xss-cheat-sheet-by-r-snake.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 7688240051036827237}}, {'name': 'widgets', 'data': [{'title': 'Search This Blog', 'type': 'BlogSearch', 'sectionId': 'search_top', 'id': 'BlogSearch1'}, {'title': 'Cyber Security Coding Diy (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': '', 'type': 'FeaturedPost', 'sectionId': 'page_body', 'id': 'FeaturedPost1', 'postId': '1739843227783403810'}, {'title': '', 'type': 'HTML', 'sectionId': 'page_body', 'id': 'HTML1'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'page_body', 'id': 'Blog1', 'posts': [{'id': '7688240051036827237', 'title': 'Xss Cheat sheet By R Snake', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uacdwq42kSZLAqRmJcVnwKv6LIYL16x30iDHyBr4nYg4j4YgQWinLBfkljZW7kfHJK5LdkRWuOLoTx3ZJn_FBeYOZQRHLZ_aqz89uDjrn49uwWfu6AaFKi', 'showInlineAds': true}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}, {'regionName': 'footer3', 'items': [{'name': 'location', 'label': 'Location:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': ''}, {'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': 'Labels:'}, {'name': 'location', 'label': 'Location:'}]}, {'title': '', 'type': 'HTML', 'sectionId': 'page_body', 'id': 'HTML2'}, {'title': '', 'type': 'PopularPosts', 'sectionId': 'page_body', 'id': 'PopularPosts1', 'posts': [{'title': 'Sql Hack', 'id': 9021399635674094515}, {'title': 'MYSQL Full Tutorial', 'id': 1771343487606285576}, {'title': 'SQL Injection [ Bypassing WAF (403 Forbidden) ]', 'id': 4171766193277244816}]}, {'type': 'Attribution', 'sectionId': 'footer', 'id': 'Attribution1'}, {'title': '', 'type': 'BlogArchive', 'sectionId': 'sidebar', 'id': 'BlogArchive1'}, {'title': 'Labels', 'type': 'Label', 'sectionId': 'sidebar', 'id': 'Label1'}, {'title': '', 'type': 'ReportAbuse', 'sectionId': 'sidebar', 'id': 'ReportAbuse1'}]}]);
_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch1', 'search_top', document.getElementById('BlogSearch1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'page_body', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'page_body', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'page_body', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2485970545-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'page_body', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'page_body', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_AttributionView', new _WidgetInfo('Attribution1', 'footer', document.getElementById('Attribution1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive1', 'sidebar', document.getElementById('BlogArchive1'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label1', 'sidebar', document.getElementById('Label1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ReportAbuseView', new _WidgetInfo('ReportAbuse1', 'sidebar', document.getElementById('ReportAbuse1'), {}, 'displayModeFull'));
</script>
</body>
</html>]]></plaintext></ul></td></tr></div> |
