Solved

Cross-site Scripting (XSS) Testing

Posted on 2010-08-28
4
685 Views
Last Modified: 2013-11-16

When testing Cross-site Scripting (XSS), I have inserted XSS payload into response HTML file. But it didn't execute. Does it mean XSS success or not?  what is the impact in this scenario?

Thanks very much

---------------------------
XSS payload:
%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be

HTML file:
.............
    <table style='table-layout:fixed' width="760" border="0" cellpadding="0" cellspacing="0" align="center">
      <col width=396>
        <col width=182>
          <col width=182>
            <form name="thisForm" method="post" action="Default.aspx?langid=en&quot;&amp;gs=RQ&amp;site=%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be" id="thisForm">
0
Comment
Question by:howruaz9
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
4ToNight earned 200 total points
ID: 33551662
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33580276
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33581834
I highly recommend that you read the Cross-Site Scripting paper available from the OWASP website at
http://www.owasp.org/index.php/Cross_Site_Scripting

You should also have a look at the OWASP Filters Project, which provides solutions for J2EE and PHP.
http://www.owasp.org/index.php/Category:OWASP_Filters_Project
0
 

Author Closing Comment

by:howruaz9
ID: 33583005
4ToNight and madunix

Thank you very much for your help
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now