Solved

Cross-site Scripting (XSS) Testing

Posted on 2010-08-28
4
700 Views
Last Modified: 2013-11-16

When testing Cross-site Scripting (XSS), I have inserted XSS payload into response HTML file. But it didn't execute. Does it mean XSS success or not?  what is the impact in this scenario?

Thanks very much

---------------------------
XSS payload:
%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be

HTML file:
.............
    <table style='table-layout:fixed' width="760" border="0" cellpadding="0" cellspacing="0" align="center">
      <col width=396>
        <col width=182>
          <col width=182>
            <form name="thisForm" method="post" action="Default.aspx?langid=en&quot;&amp;gs=RQ&amp;site=%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be" id="thisForm">
0
Comment
Question by:howruaz9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
4ToNight earned 200 total points
ID: 33551662
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33580276
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33581834
I highly recommend that you read the Cross-Site Scripting paper available from the OWASP website at
http://www.owasp.org/index.php/Cross_Site_Scripting

You should also have a look at the OWASP Filters Project, which provides solutions for J2EE and PHP.
http://www.owasp.org/index.php/Category:OWASP_Filters_Project
0
 

Author Closing Comment

by:howruaz9
ID: 33583005
4ToNight and madunix

Thank you very much for your help
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question