lundi 23 mars 2015

OWASP ZAP reported “alert(1);” XSS vulnerability, but no popup showed up


OWASP ZAP reported “alert(1);” XSS vulnerability, but we could not get pop up in browser.


The html surrounding the injected attack is:



<script type="text/javascript">
DataSet.FilterBuilder.QueryValuesDictionary['57_ctl00'] = ;alert(1);;
</script>




Aucun commentaire:

Enregistrer un commentaire