
Test 5) Cross Site Scripting

Yalçın YOLALAN edited this page Mar 28, 2018 · 2 revisions

## Cross Site Scripting Test

| Field | Value |
|---|---|
| Vulnerability Type | Dynamic |
| Test Web Service URI | `http://[yourhostName]/XSS.asmx?WSDL` |
| Attack Payload | `<script>alert(1)</script>` |
| Vulnerable Method Name | `ShowMessage` |
| Vulnerable Parameter Name | `txt` |

**Vulnerable Code Block**

This method displays the message in the browser and does not validate the input string before returning it:

```csharp
// txt is written to the browser and returned exactly as received, with no validation or encoding
ShowMessageOnBrowser(txt);
return txt;
```

**Response**

```html
<script>alert(1)</script>
```

**Indications of Vulnerability**

- The web server returned HTTP status code 200 (OK: the request has succeeded).
- The malicious script (payload) is returned without any escaping.
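As an added example (not part of this wiki page or the test service's code), the two indications above expressed as a check a regression test or scanner could apply to a captured response. The responses are constructed inline to stand in for captures from the `XSS.asmx` service, and `reflect_encoded` is an assumed hardened variant that output-encodes `txt`, shown only so the safe response shape can be compared against the vulnerable one:

```python
import html

# The payload used by this test case.
PAYLOAD = "<script>alert(1)</script>"


def classify_reflection(status: int, body: str, payload: str = PAYLOAD) -> str:
    """Classify how one HTTP response treats the payload.

    Returns one of: 'request-failed', 'reflected-unescaped',
    'reflected-escaped', 'not-reflected'.
    """
    if status != 200:
        return "request-failed"
    # Byte-for-byte reflection means '<' and '>' reached the page unencoded.
    if payload in body:
        return "reflected-unescaped"
    # HTML-entity form (&lt;script&gt;...) is the expected safe behaviour.
    if html.escape(payload, quote=True) in body:
        return "reflected-escaped"
    return "not-reflected"


def indicates_reflected_xss(status: int, body: str, payload: str = PAYLOAD) -> bool:
    """True only when both indications on this page hold: 200 OK and unescaped echo."""
    return classify_reflection(status, body, payload) == "reflected-unescaped"


def reflect_unencoded(txt: str) -> str:
    """Mirrors the vulnerable ShowMessage behaviour: input is placed in the page as-is."""
    return f"<html><body>{txt}</body></html>"


def reflect_encoded(txt: str) -> str:
    """Assumed fix (not the project's code): HTML-encode before writing to the page."""
    return f"<html><body>{html.escape(txt, quote=True)}</body></html>"


# Constructed responses standing in for real captures.
VULNERABLE_RESPONSE = (200, reflect_unencoded(PAYLOAD))
HARDENED_RESPONSE = (200, reflect_encoded(PAYLOAD))
ERROR_RESPONSE = (500, "<html><body>Internal error</body></html>")

if __name__ == "__main__":
    for name, (status, body) in [("vulnerable", VULNERABLE_RESPONSE),
                                 ("hardened", HARDENED_RESPONSE),
                                 ("error", ERROR_RESPONSE)]:
        print(f"{name}: status={status} {classify_reflection(status, body)}")
```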