Monday, June 3, 2024
rated 0 times [  33] [ 6]  / answers: 1 / hits: 58817  / 13 Years ago, mon, august 29, 2011, 12:00:00

I have had issues with XSS. Specifically, I had an individual inject a JS alert showing that my input had vulnerabilities. I have done research on XSS and found examples, but for some reason I can't get them to work.



Can I get example(s) of XSS that I can throw into my input and when I output it back to the user see some sort of change like an alert to know it's vulnerable?



I'm using PHP and I am going to implement htmlspecialchars() but I first am trying to reproduce these vulnerabilities.



Thanks!



 Answers
11

You can use this Firefox add-on:




XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string. The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.



[#90363] Friday, August 26, 2011, 13 Years
cameron
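
A way to reproduce the problem on your own output code and confirm that htmlspecialchars() fixes it, following the same idea as the document.vulnerable=true check described in the answer. This is an added example, not part of the original question or answer; the function names, the page fragment and the data-probe marker are assumptions made for illustration.

```php
<?php
// Added example; render_unsafe, render_safe and probe_findings are hypothetical names.

// Vulnerable: user input is written into the page as-is.
function render_unsafe(string $name): string {
    return '<p>Hello ' . $name . '</p><input name="n" value="' . $name . '">';
}

// Fixed: encode on output. ENT_QUOTES encodes both ' and ", which is what
// keeps the value inside the attribute (before PHP 8.1 the default flags
// left single quotes alone).
function render_safe(string $name): string {
    $e = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Hello ' . $e . '</p><input name="n" value="' . $e . '">';
}

// Parse the output the way a browser would and report whether the probe
// ended up as markup instead of text.
function probe_findings(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $findings = [];
    if ($doc->getElementsByTagName('script')->length > 0) {
        $findings[] = 'script element created from input';
    }
    foreach ($doc->getElementsByTagName('input') as $input) {
        if ($input->hasAttribute('data-probe')) {
            $findings[] = 'input broke out of the value attribute';
        }
    }
    return $findings;
}

// Constructed probe strings: the marker script from the tool description
// and a harmless attribute that only shows up if the quote is not encoded.
$probes = [
    '<script>document.vulnerable=true</script>',
    'x" data-probe="1',
];
foreach (['render_unsafe', 'render_safe'] as $render) {
    foreach ($probes as $probe) {
        $found = probe_findings($render($probe));
        printf("%-14s %-44s %s\n", $render, $probe,
            $found ? implode('; ', $found) : 'encoded, no findings');
    }
}
```

Run it with the PHP CLI (the dom extension must be enabled); swapping in your own output function in place of render_unsafe turns it into a regression check for that page.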

Total Points: 591
Total Questions: 112
Total Answers: 88

Location: Botswana
Member since Sat, Jan 7, 2023
1 Year ago
;