xss.db

# Dotnet XSS
[Rr]esponse.[Ww]rite[[:space:]]*\(
<%[[:space:]]*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
innerText[[:space:]]*=[^\;]+\+
innerHTML[[:space:]]*=[^\;]+\+
[Vv]alidate[Rr]equest=[\'\"]?false[\'\"]?
URL\.Query\(\).*
QueryUnescape\(.*
# Java xss signatures
<%=.*[Rr]equest\.
response.sendRedirect[[:space:]]*\(.*[Rr]equest.*\)
<c:out.*\$\{param
# Perl xss signatures
print[[:space:]]*.*\$.*->param\(?.*\)?
# PHP xss signatures
echo[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print_r([[:space:]]*\(|[[:space:]]+).*\)?\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
\<[\?\%]\=\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)