Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Examples of XSS that I can use to test my page input?

Tags:

I have had issues with XSS. Specifically I had an individual inject JS alert showing that the my input had vulnerabilities. I have done research on XSS and found examples but for some reason I can't get them to work.

Can I get example(s) of XSS that I can throw into my input and when I output it back to the user see some sort of change like an alert to know it's vulnerable?

I'm using PHP and I am going to implement htmlspecialchars() but I first am trying to reproduce these vulnerabilities.

Thanks!

like image 356
KRB Avatar asked Aug 29 '11 15:08

KRB


Video Answer


2 Answers

You can use this firefox addon:

  • XSS Me

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string. The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.

like image 169
Sarfraz Avatar answered Oct 07 '22 20:10

Sarfraz


For example:

<script>alert("XSS")</script> "><b>Bold</b> '><u>Underlined</u> 
like image 22
ComFreek Avatar answered Oct 07 '22 18:10

ComFreek