How to do Cross Site Scripting Test

2018/02/03

How to do Cross Site Scripting Test

Set parameter value includes: "'<>()

"'><script>alert('XSS');</script>

Solution

Check every parameter.
Don't output parameter value in the page directly.

Example

randinblogger.blogspot.com/?m="'><script>alert('XSS');</script>

IE/Edge only show # because XSS filter(X-XSS-Protection)

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )