Forum

Reflected XSS attack information?

Hi everyone, ive been testing a web application using Acunetix and it found a reflected XSS vulnerability in a section of the site where the user enters their password/favourite cheese, however there is a filter in place to prevent standard xss from taking place however Acunetix did generate the following as a valid attack method:

pn33a;//';//";//%>?>rhm4d<script>alert(1)</script>byj0w

Can anyone explain what the stuff before the actual script is and its purpose as I dont fully understand it, I thought it was something to do with it being padded or encapsulated

It also found a similar vulnerability in the URL side of the site and generated this:

view= h8x2n' onmouseover=alert(1) style=position:absolute;width:100%;height:100%;top:0;left:0; mu0rw

To my understanding the code after style is generating a new page in which allows for the XSS to be executed but again not fully sure.

 

Hope this isnt too vague and if needed, let me know an i'll try an provide more details

 

 

 

 

 

 

You need to be a member of OWASP to add comments!

Join OWASP

Email me when people reply –