[Owasp-delhi] Regarding Reflected XSS Issue

Parmendra Sharma s.parmendra at gmail.com
Fri May 29 12:23:22 EDT 2009


Dear All,

Kindly elaborate on how you can be sure that the parameter "txtsearch" within the
below-mentioned URL is free from a Reflected XSS issue.

http:///mybank.com/search.aspx?txtsearch=<script>alert('xss')</script>

-> After sending the above request, what is to be seen in the source of
the response if the application is performing Output Escaping?

-> How do you check that the Output Escaping done by the application is
proper and up to the mark and will not allow any XSS issue?

 I mean, how do you conclude that there is no XSS, as entering some variants of
scripts will work and some of them do not work?

-- 
Thanks and Regards:

Parmendra Sharma
Computer Security Analyst
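
An added example, not part of the original message: a check of how the probe from the post comes back in a response body, reporting which HTML metacharacters arrived entity-encoded and which arrived literally. The function names and the three response bodies are constructed for illustration; whether a leaked character matters depends on the context (element body, quoted attribute, script block) in which the value is reflected.

```python
import html
import re

# Probe value from the post; the response bodies below are constructed samples.
PROBE = "<script>alert('xss')</script>"
ESCAPED_BODY = "<p>Results for &lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;</p>"
RAW_BODY = "<p>Results for <script>alert('xss')</script></p>"
ATTR_BODY = "<input name='txtsearch' value='&lt;script&gt;alert('xss')&lt;/script&gt;'>"

META = "<>\"'&"            # characters that HTML output escaping must encode
ENTITY = r"&[#\w]+;"       # named or numeric character reference


def reflected_forms(body, probe=PROBE):
    """Find every reflection of probe in body, literal or entity-encoded."""
    pattern = "".join(
        "(?:%s|%s)" % (re.escape(c), ENTITY) if c in META else re.escape(c)
        for c in probe
    )
    # Keep only matches that decode back to exactly the probe.
    return [m.group(0) for m in re.finditer(pattern, body)
            if html.unescape(m.group(0)) == probe]


def check_reflection(body, probe=PROBE):
    """Return (verdict, leaked): leaked = metacharacters that arrived unencoded."""
    forms = reflected_forms(body, probe)
    if not forms:
        return ("absent", set())
    leaked = set()
    for form in forms:
        literal = re.sub(ENTITY, "", form)   # drop the encoded characters
        leaked |= {c for c in literal if c in META}
    return ("unencoded" if leaked else "encoded", leaked)


if __name__ == "__main__":
    for name, body in [("escaped", ESCAPED_BODY), ("raw", RAW_BODY),
                       ("attribute", ATTR_BODY)]:
        print(name, check_reflection(body))
```

The third sample shows why one passing probe is not conclusive: the angle brackets are encoded, but the single quote is not, and the value sits inside a single-quoted attribute.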