Solved

Cross-site Scripting (XSS) Testing

Posted on 2010-08-28
4
690 Views
Last Modified: 2013-11-16

When testing Cross-site Scripting (XSS), I have inserted XSS payload into response HTML file. But it didn't execute. Does it mean XSS success or not?  what is the impact in this scenario?

Thanks very much

---------------------------
XSS payload:
%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be

HTML file:
.............
    <table style='table-layout:fixed' width="760" border="0" cellpadding="0" cellspacing="0" align="center">
      <col width=396>
        <col width=182>
          <col width=182>
            <form name="thisForm" method="post" action="Default.aspx?langid=en&quot;&amp;gs=RQ&amp;site=%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be" id="thisForm">
0
Comment
Question by:howruaz9
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
4ToNight earned 200 total points
ID: 33551662
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33580276
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 300 total points
ID: 33581834
I highly recommend that you read the Cross-Site Scripting paper available from the OWASP website at
http://www.owasp.org/index.php/Cross_Site_Scripting

You should also have a look at the OWASP Filters Project, which provides solutions for J2EE and PHP.
http://www.owasp.org/index.php/Category:OWASP_Filters_Project
0
 

Author Closing Comment

by:howruaz9
ID: 33583005
4ToNight and madunix

Thank you very much for your help
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now