Looking for Test URL's to try against my Anti-XSS code

Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Thanks
newbiewebSr. Software EngineerAsked:
Who is Participating?
 
ste5anSenior DeveloperCommented:
XSS is not a generic attack. They are always specialized to you site. So general URL's does not exist. You either test it yourself or look for pentesters.

See also: Testing for Cross site scripting.
0
 
btanExec ConsultantCommented:
actually you should be testing against your website instead. You may consider below. If you embedded your codes in the website then it should be able to test even such simple XSS attempt. There are package test web app codes that is specifically coded to be vulnerable too
A simple easy test is to take a current parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address URL bar. This url will take a name parameter that you enter in a textbox and print something on the page. Like "Hello newbieweb, thank you for coming to my site"

http://www.yoursite.com/index.html?name=george

And modify it so that add an extra some additional information to the parameter. For example try entering something similar to the following request in the browser address URL bar.

http://www.yoursite.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>

If this pops up an alert message box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The parameter name is not being validating, it is allowing anything to be processed as a name, including a malicious script that is injected into the parameter passed in.
Example of deliberately vulnerable web app for learning https://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security
https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
0
 
newbiewebSr. Software EngineerAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.