Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 722
  • Last Modified:

Cross-site Scripting (XSS) Testing


When testing Cross-site Scripting (XSS), I have inserted XSS payload into response HTML file. But it didn't execute. Does it mean XSS success or not?  what is the impact in this scenario?

Thanks very much

---------------------------
XSS payload:
%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be

HTML file:
.............
    <table style='table-layout:fixed' width="760" border="0" cellpadding="0" cellspacing="0" align="center">
      <col width=396>
        <col width=182>
          <col width=182>
            <form name="thisForm" method="post" action="Default.aspx?langid=en&quot;&amp;gs=RQ&amp;site=%A7%A2%BE%Bc%F3%E3%F2%E9%F0%F4%Be%E1%Ec%E5%F2%F4%A8%A7Watchfire%20XSS%20Test%20Successful%A7%A9%Bc%Af%F3%E3%F2%E9%F0%F4%Be" id="thisForm">
0
howruaz9
Asked:
howruaz9
  • 2
3 Solutions
 
4ToNightCommented:
0
 
madunixChief Information Security Officer Commented:
0
 
madunixChief Information Security Officer Commented:
I highly recommend that you read the Cross-Site Scripting paper available from the OWASP website at
http://www.owasp.org/index.php/Cross_Site_Scripting

You should also have a look at the OWASP Filters Project, which provides solutions for J2EE and PHP.
http://www.owasp.org/index.php/Category:OWASP_Filters_Project
0
 
howruaz9Author Commented:
4ToNight and madunix

Thank you very much for your help
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now