[Owasp-delhi] Regarding Reflected XSS Issue
tiwari.robin at gmail.com
Sun May 31 03:24:04 EDT 2009
hi parmendra ;
check the response something like this for the below script:
On Fri, May 29, 2009 at 9:23 AM, Parmendra Sharma <s.parmendra at gmail.com>wrote:
> Dear All,
> Kindly elaborate how can you be sure that a parameter "txtsearch" within
> the belowmentioned URL is free from Reflected XSS issue.
> -> After sending the above request what is to be seen in the source of
> the resopnse if the application is performing the Output Escaping.
> -> How do you check that the Output Escaping done by the application is
> proper and up to the mark and will not allow any XSS issue.
> I mean how do conclude that there is no XSS as entering some varients of
> scripts will work and some of them does not work.
> Thanks and Regards:
> Parmendra Sharma
> Computer Security Analyst
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
Thanks & Regards
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-delhi