XSS Vulnerability

Your experience of helping website owners
Post Reply
ruisilva2015
Posts:19
Joined:Wed Dec 28, 2016 10:24 am
XSS Vulnerability

Post by ruisilva2015 » Wed Dec 28, 2016 11:17 am

Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: XSS Vulnerability

Post by x1admin » Wed Dec 28, 2016 1:48 pm

ruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
you must provide all post parameters

RoyJansen_01
Posts:13
Joined:Tue Nov 15, 2016 9:59 am

Re: XSS Vulnerability

Post by RoyJansen_01 » Thu Jan 05, 2017 5:03 pm

ruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
Hi there RUI, thanks for your post/question here in the OpenBugBounty Forum.
Well, the best advice is to tell you, you need something like ‘Tamper Data’ or ‘Live http Headers‘, using these kind of extensions you are able to ‘catch up‘ the POST paramaters, wich OpenBugBounty asks for. (or simply use FireBug or Chromes Dev Tools)
E.g. x-www-form-urlencoded or multipart/form-data can be retreived by using the above called extensions.

Happy Hunting!
Sincerely,

Roy Jansen
(https://www.openbugbounty.org/researchers/rj01/)

rootpentesting
Posts:20
Joined:Wed Jul 06, 2016 12:28 pm

Re: XSS Vulnerability

Post by rootpentesting » Fri Jan 20, 2017 4:51 pm

i wanted to add that you can also use hackbar to capture a post request :D

ruisilva2015
Posts:19
Joined:Wed Dec 28, 2016 10:24 am

Re: XSS Vulnerability

Post by ruisilva2015 » Thu Jun 15, 2017 8:12 am

Thanks guys :)

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests