Looking for Test URL's to try against my Anti-XSS code

curiouswebster used Ask the Experts™
Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Developer
XSS is not a generic attack. They are always specialized to you site. So general URL's does not exist. You either test it yourself or look for pentesters.

See also: Testing for Cross site scripting.
btanExec Consultant
Distinguished Expert 2018

actually you should be testing against your website instead. You may consider below. If you embedded your codes in the website then it should be able to test even such simple XSS attempt. There are package test web app codes that is specifically coded to be vulnerable too
A simple easy test is to take a current parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address URL bar. This url will take a name parameter that you enter in a textbox and print something on the page. Like "Hello newbieweb, thank you for coming to my site"


And modify it so that add an extra some additional information to the parameter. For example try entering something similar to the following request in the browser address URL bar.

http://www.yoursite.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>

If this pops up an alert message box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The parameter name is not being validating, it is allowing anything to be processed as a name, including a malicious script that is injected into the parameter passed in.
Example of deliberately vulnerable web app for learning https://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security
curiouswebsterSoftware Engineer



Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial