Some developers prefer to validate user input on the client. This is not safe, because cross-site scripting attacks can bypass the client-side input interface: some tools modify the string submitted to the server in order to carry out cross-site scripting attacks.
TamperIE is one of these tools (www.bayden.com).
After TamperIE is installed, it is loaded into IE as a plug-in. It monitors the HTTP communication between IE and the server, intercepts the HTTP requests submitted to the server, modifies the data, and then sends the modified data to the server.
TamperIE also provides the following types of "offensive" strings for the tester:
Q' "<SCRIPT> alert ('xss hole # n'); </SCRIPT>
Q'; drop tablename;
Q * 'or '1' = '1
Q '"onmouseenter =" alert ('xss hole # n'); "onreadystatechange =" alert ('xss hole # n ');"
Q 2652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652652
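Because the request can be changed after it leaves the browser, the checks have to be repeated on the server. The following is an added example, not code from the original page or from TamperIE: it validates, queries and encodes server-side. The field rule, the `users` table and the function names are assumptions, and the sample inputs are constructed, modelled on the string types listed above.

```python
import html
import re
import sqlite3

# Assumed field rule: 1-32 letters, digits, underscore, dot or hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Constructed inputs modelled on the string types in the list above.
SAMPLES = [
    "alice_01",
    "q'\"<script>alert('xss hole')</script>",
    "q'; drop tablename;",
    "q' or '1'='1",
    "q'\" onmouseenter=\"alert('xss hole')\"",
    "2652" * 64,
]

def validate_name(value):
    """Allowlist and length check, run on the server for every request."""
    return isinstance(value, str) and NAME_RE.fullmatch(value) is not None

def render_greeting(value):
    """Encode for HTML text and quoted-attribute contexts on output."""
    safe = html.escape(value, quote=True)
    return '<p title="{0}">Hello, {0}</p>'.format(safe)

def make_db():
    """In-memory database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice_01",), ("bob",)])
    return conn

def lookup(conn, value):
    """Bind the value as a parameter so it is never parsed as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (value,)).fetchall()

def handle(conn, value):
    """Server-side handling of one submitted field: validate, query, encode."""
    if not validate_name(value):
        return 400, "invalid name"
    rows = lookup(conn, value)
    if not rows:
        return 404, "not found"
    return 200, render_greeting(rows[0][0])

if __name__ == "__main__":
    db = make_db()
    for sample in SAMPLES:
        print(handle(db, sample)[0], repr(sample[:40]))
```

The parameterized query and the output encoding each hold on their own, so a value that passes a looser validation rule is still treated as data rather than as SQL or markup.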