[Owasp-delhi] Regarding Reflected XSS Issue

Robin Tiwari tiwari.robin at gmail.com
Sun May 31 03:24:04 EDT 2009


Hi Parmendra,

Check the response something like this for the below script:

<script>alert('xss');</script>

On Fri, May 29, 2009 at 9:23 AM, Parmendra Sharma <s.parmendra at gmail.com> wrote:

> Dear All,
>
> Kindly elaborate how you can be sure that a parameter "txtsearch" within
> the below-mentioned URL is free from a Reflected XSS issue.
>
> http:///mybank.com/search.aspx?txtsearch=<script>alert('xss')</script>
>
> -> After sending the above request, what is to be seen in the source of
> the response if the application is performing the Output Escaping?
>
> -> How do you check that the Output Escaping done by the application is
> proper and up to the mark and will not allow any XSS issue?
>
> I mean, how do you conclude that there is no XSS, as entering some variants of
> scripts will work and some of them do not work?
>
> --
> Thanks and Regards:
>
> Parmendra Sharma
> Computer Security Analyst
>


-- 
Thanks & Regards

Robin Tiwari
Security Analyst
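
An added example, not part of the thread or of either poster's code: one way to answer "what is to be seen in the source of the response" is to parse the response the way an HTML tokenizer would and record where the probe value ends up, instead of string-matching one particular encoding. The function names and the sample responses are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

PROBE = "<script>alert('xss')</script>"  # value sent in txtsearch in the thread
PROBE_JS = "alert('xss')"                # script body left over if the tag is live


class ReflectionFinder(HTMLParser):
    """Record where the probe ends up once the response is parsed as HTML."""
    # html.parser approximates a browser's tokenizer; it is not a real browser.

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &lt; &#39; etc. in text
        self.contexts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:  # attribute values arrive entity-decoded
            if value and PROBE in value:
                self.contexts.append(f"attribute:{tag}[{name}]")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and PROBE_JS in data:
            self.contexts.append("live-script")  # probe became markup: not escaped
        elif PROBE in data:
            self.contexts.append("text")         # probe is inert character data


def classify(body):
    """Return the contexts in which the probe is reflected; [] means not found."""
    finder = ReflectionFinder()
    finder.feed(body)
    finder.close()
    return finder.contexts


# Constructed sample responses (not captured from any real site).
ESCAPED = "<p>Results for &lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;</p>"
RAW = "<p>Results for <script>alert('xss')</script></p>"
ATTR = '<input name="txtsearch" value="&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;">'

if __name__ == "__main__":
    for label, body in (("escaped", ESCAPED), ("raw", RAW), ("attribute", ATTR)):
        print(label, classify(body))
```

A `text` result means the probe came back as character data; an `attribute:` result only says where the value landed, so the encoding required for that context still has to be confirmed in the raw source.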