Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
XSS Vulnerability
Re: XSS Vulnerability
you must provide all post parametersruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
-
- Posts:13
- Joined:Tue Nov 15, 2016 9:59 am
Re: XSS Vulnerability
Hi there RUI, thanks for your post/question here in the OpenBugBounty Forum.ruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
Well, the best advice is to tell you, you need something like ‘Tamper Data’ or ‘Live http Headers‘, using these kind of extensions you are able to ‘catch up‘ the POST paramaters, wich OpenBugBounty asks for. (or simply use FireBug or Chromes Dev Tools)
E.g. x-www-form-urlencoded or multipart/form-data can be retreived by using the above called extensions.
Happy Hunting!
Sincerely,
Roy Jansen
(https://www.openbugbounty.org/researchers/rj01/)
-
- Posts:20
- Joined:Wed Jul 06, 2016 12:28 pm
Re: XSS Vulnerability
i wanted to add that you can also use hackbar to capture a post request
Who is online
Users browsing this forum: No registered users and 2 guests