2018/02/03

How to Do a Cross-Site Scripting Test

Set a parameter value that includes these characters: "'<>()
  • "'><script>alert('XSS');</script>
Solution
  • Check every parameter.
  • Don't output the parameter value directly in the page.
Example
randinblogger.blogspot.com/?m="'><script>alert('XSS');</script>

IE/Edge only show # because of the XSS filter (X-XSS-Protection).
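
The two Solution items above, shown as an added example (not code from the original post): the same template with the parameter written directly and with it encoded at output time, plus the check a test would run on the response. The function names, the `<input>` template, and the assumption that `m` may only be "0" or "1" are hypothetical.

```javascript
// Added example: the page's probe value reflected with and without output encoding.
// All function names and the <input> template are hypothetical.

const PROBE = `"'><script>alert('XSS');</script>`; // probe value from the page

// Characters that let a value break out of HTML text or a quoted attribute.
// ( and ) are not HTML-special; they matter only when a value lands inside
// script code, where HTML encoding alone is not sufficient.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": the parameter value is written straight into the page.
function renderUnsafe(m) {
  return `<input name="m" value="${m}">`;
}

// "After": same template, value encoded when it is output.
function renderSafe(m) {
  return `<input name="m" value="${escapeHtml(m)}">`;
}

// Test check: does the response contain the probe unencoded?
function reflectsMarkup(html, probe) {
  return html.includes(probe);
}

// "Check every parameter": allow-list validation for a parameter with a
// known shape (assumption: m may only be "0" or "1").
function validateM(m) {
  return /^[01]$/.test(m) ? m : null;
}

console.log('unsafe reflects probe:', reflectsMarkup(renderUnsafe(PROBE), PROBE));
console.log('safe reflects probe:  ', reflectsMarkup(renderSafe(PROBE), PROBE));
console.log('validated m:          ', validateM(PROBE));
```
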
