XSSDB Exports

The XSSDB is a collection of example "attacks" to illustrate various types of cross-site scripting (XSS) vulnerabilities. It is similar in purpose to RSnake's "Cross-Site Scripting Cheat Sheet": http://ha.ckers.org/xss.html which is probably more useful for a human audience.

Files:

All files were exported from dabbleDB on May 18, 2011.

Viewer:

Here is a viewer that should work in modern browsers (I tested FF 6 and Chrome 13) Viewer

About:

The XSSDB is a GNU Citizen project from several years back. http://www.gnucitizen.org/blog/xssdb/

While the project became idle over time, the underlying data lived on within the "dabbleDB" web database (http://www.dabbledb.com/) and was exportable in several formats until May 18 of 2011.

I used the jsonp format for a personal project I was working on. So, when dabbleDB shut down, this became a problem.

Prior to the dabbleDB shut down, I exported the data in the various formats.

These exports are hosted here.

License:

As described in the DabbleDB page associated with the XSSDB - this content is licensed under the Creative Commons Attribution 2.5 License:

Creative Commons Attribution 2.5 License.

Attribution:

The XSSDB is a GNU Citizen Project: http://www.gnucitizen.org/blog/xssdb/

All XSSDB examples were developed by the author listed for each example.

Contact:

I can be reached at dan@xssdb.net for anything related to this website. If you have specific new examples you'd like included - it would probably be better to discuss them on sla.ckers.org and then send me a link to the discussion than to send them to me directly.

Thanks:

My thanks and gratitude to GNU Citizen and Petko D. Petkov (pdp) for compiling this information, as well as to the numerous creative and expert authors who originally contributed these techniques.

- Dan Anderson, Sept 18, 2011