Jan Cinert

False positive | Reflected Cross-Site Scripting (XSS) Vulnerabilities

Discussion created by Jan Cinert on Nov 5, 2013
Latest reply on Nov 6, 2013 by jkent

Payload '%20onEvent=@REQUESTID@%20

 

#1 Response

comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as expected for a successful exploit. This result should be manually verified to determine its accuracy.


<script type="text/javascript">
    /* <![CDATA[ */
    var a = "<td class=\"productQty\">\n        <input type=\"text\" name=\"invoice[invoice_product_bf][4][qty]\" value=\"1\" id=\"invoice_invoice_product_bf_4_qty\" \/>                <input type=\"hidden\" name=\"invoice[invoice_product_bf][4][id]\" value=\"'%20onEvent=@REQUESTID@%20\" id=\"invoice_invoice_product_bf_4_id\" \/>       <\/td>\n      <td class=\"productQtyUnit\">\n            <\/td>\n      <td class=\"productPrice\" id=\"productBfPrice{invoice_product_key}\">\n      <\/td>";
    /* ]]> */
</script>

 

 

 


The response does not have a vulnerability.

 

  1. The ' character does not have to be encoded. It is inside a JS string that is not wrapped in ' characters.
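The context check behind this kind of manual verification, as an added example that is not part of the original post or of the scanner: it walks an inline script body and reports which lexical context the reflected payload lands in and whether the payload ever leaves that context. The function names and the two `SAMPLE_*` strings are constructed for illustration (the first is shortened from the response above, the second is a contrast case).

```javascript
// Added example: classify where a reflected payload lands inside an inline script.
// Names and SAMPLE_* inputs are constructed; line comments and regex literals are not modelled.

// ctx[i] = lexical state just before script[i]: 'code', 'comment', or the
// delimiter (", ' or `) of the string literal that encloses that offset.
function lexContexts(script) {
  const ctx = new Array(script.length + 1);
  let state = 'code';
  for (let i = 0; i < script.length; i++) {
    ctx[i] = state;
    const c = script[i], next = script[i + 1];
    if (state === 'code') {
      if (c === '"' || c === "'" || c === '`') state = c;
      else if (c === '/' && next === '*') { state = 'comment'; ctx[++i] = state; }
    } else if (state === 'comment') {
      if (c === '*' && next === '/') { ctx[++i] = state; state = 'code'; }
    } else if (c === '\\') {
      ctx[++i] = state;      // escaped character stays inside the string
    } else if (c === state) {
      state = 'code';        // unescaped matching delimiter closes the string
    }
  }
  ctx[script.length] = state;
  return ctx;
}

function triageReflection(script, payload) {
  const at = script.indexOf(payload);
  if (at === -1) return { reflected: false, context: null, breaksOut: false };
  const ctx = lexContexts(script);
  const start = ctx[at];
  const inString = start === '"' || start === "'" || start === '`';
  // The payload is contained only if every offset it covers keeps the same string state.
  const leaves = !inString || ctx.slice(at, at + payload.length + 1).some((s) => s !== start);
  // </script ends the element in the HTML parser; ${ opens code inside a template literal.
  const special = /<\/script/i.test(payload) || (start === '`' && payload.includes('${'));
  return { reflected: true, context: start, breaksOut: leaves || special };
}

const PAYLOAD = "'%20onEvent=@REQUESTID@%20";
// Constructed from the response on this page: double-quoted JS string, inner quotes escaped.
const SAMPLE_DOUBLE_QUOTED = String.raw`/* <![CDATA[ */ var a = "<input type=\"hidden\" value=\"'%20onEvent=@REQUESTID@%20\" \/>"; /* ]]> */`;
// Constructed contrast case: the same markup assigned with a single-quoted JS string.
const SAMPLE_SINGLE_QUOTED = String.raw`var a = '<input type="hidden" value="'%20onEvent=@REQUESTID@%20" />';`;

console.log(triageReflection(SAMPLE_DOUBLE_QUOTED, PAYLOAD));
console.log(triageReflection(SAMPLE_SINGLE_QUOTED, PAYLOAD));
```

The check covers only the script's lexical context at the reflection point. It says nothing about what later happens to the string, for example if `a` is inserted into the page as HTML.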
