Looking for Test URL's to try against my Anti-XSS code

Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Thanks
newbiewebSr. Software EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ste5anSenior DeveloperCommented:
XSS is not a generic attack. They are always specialized to you site. So general URL's does not exist. You either test it yourself or look for pentesters.

See also: Testing for Cross site scripting.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
actually you should be testing against your website instead. You may consider below. If you embedded your codes in the website then it should be able to test even such simple XSS attempt. There are package test web app codes that is specifically coded to be vulnerable too
A simple easy test is to take a current parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address URL bar. This url will take a name parameter that you enter in a textbox and print something on the page. Like "Hello newbieweb, thank you for coming to my site"

http://www.yoursite.com/index.html?name=george

And modify it so that add an extra some additional information to the parameter. For example try entering something similar to the following request in the browser address URL bar.

http://www.yoursite.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>

If this pops up an alert message box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The parameter name is not being validating, it is allowing anything to be processed as a name, including a malicious script that is injected into the parameter passed in.
Example of deliberately vulnerable web app for learning https://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security
https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
0
newbiewebSr. Software EngineerAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.