
150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities - How to test

Question asked by Jean-Sebastien Grenon on May 10, 2016
Latest reply on May 16, 2016 by Dave Ferguson

Hi,

I'm new to Qualys and to testing XSS. I have received a report with some XSS. Some are in GET and others in POST. The GET ones I am able to reproduce, but not the POST ones.

I tried with POSTMAN, without success. Can you help me reproduce the XSS in POST?

This is what I have in the report:

Payload id_report=117620&nom_client_report=Dany%20Descoteaux&courriel_client_report=nord@devcore.ca&type_report=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E&adresse_report=180%20Roland-Audet&ville_report=Val-D'Or&prix_report=1495.00%20%24&mon_courriel_report=1&mon_message_report=1&submit_courriel_report=1

Request POST http://www.url.com/ordinary-url

#1 Referer: http://www.url.com

#2 Cookie: ubvt=6; location=avbjhtabbdn53bb036rpj9v9k4; shared_session=x; session2[uuid]=b3ac84c0f3db0230815dd1c; derniereRecherche=a%3A12%3A%7Bs%3A18%3A%22type_etablissement

Thanks,

JS
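
One way to check a POST finding like the one in the report above, as an added example that is not part of the original post or of Qualys's tooling: it finds which field of the reported body carries the scanner's qss marker, builds the form-encoded POST that carries the body byte for byte, and classifies a response as echoing the probe raw or HTML-escaped. The shortened body, the sample responses and the function names are constructed for illustration; the host and path are the placeholders from the report.

```python
import html
from urllib.parse import parse_qsl

# Constructed sample: three fields of the reported body, kept percent-encoded as printed.
REPORT_BODY = ("id_report=117620"
               "&type_report=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E"
               "&submit_courriel_report=1")

def find_probe_params(body, marker="<qss"):
    """Map each field whose decoded value carries the scanner marker to that value."""
    return {k: v for k, v in parse_qsl(body, keep_blank_values=True) if marker in v}

def build_request(host, path, body):
    """Raw HTTP/1.1 form POST that carries the body byte for byte (no re-encoding)."""
    raw = body.encode("ascii")
    head = (f"POST {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(raw)}\r\n"
            "Connection: close\r\n\r\n")
    return head.encode("ascii") + raw

def classify_reflection(response_body, probe):
    """'raw': probe echoed unencoded (finding reproduced); 'encoded': echoed only
    as HTML entities (output is escaped); 'absent': not echoed at all."""
    if probe in response_body:
        return "raw"
    if probe in html.unescape(response_body):
        return "encoded"
    return "absent"

if __name__ == "__main__":
    probe = find_probe_params(REPORT_BODY)["type_report"]
    print(build_request("www.url.com", "/ordinary-url", REPORT_BODY).decode())
    # Constructed responses: one echoes the value as-is, one HTML-escapes it.
    pages = {"unescaped": f'<input name="type_report" value="{probe}">',
             "escaped": f'<input name="type_report" value="{html.escape(probe)}">'}
    for name, page in pages.items():
        print(name, "->", classify_reflection(page, probe))
```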
