Page 1 of 1
XSS Vulnerability
Posted: Wed Dec 28, 2016 11:17 am
by ruisilva2015
Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
Re: XSS Vulnerability
Posted: Wed Dec 28, 2016 1:48 pm
by x1admin
ruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
you must provide all post parameters
Re: XSS Vulnerability
Posted: Thu Jan 05, 2017 5:03 pm
by RoyJansen_01
ruisilva2015 wrote:Hi
I report an XSS who requires user enter XSS payload on First and Last Name field on website , i need to put all POST request on report or only vulnerable parameters?
Vulnerability isnt still validated , what i need to do?
I think i report it wrong
Hi there RUI, thanks for your post/question here in the OpenBugBounty Forum.
Well, the best advice is to tell you, you need something like ‘Tamper Data’ or ‘Live http Headers‘, using these kind of extensions you are able to ‘catch up‘ the POST paramaters, wich OpenBugBounty asks for. (or simply use FireBug or Chromes Dev Tools)
E.g.
x-www-form-urlencoded or
multipart/form-data can be retreived by using the above called extensions.
Happy Hunting!
Sincerely,
Roy Jansen
(
https://www.openbugbounty.org/researchers/rj01/)
Re: XSS Vulnerability
Posted: Fri Jan 20, 2017 4:51 pm
by rootpentesting
i wanted to add that you can also use hackbar to capture a post request
Re: XSS Vulnerability
Posted: Thu Jun 15, 2017 8:12 am
by ruisilva2015
Thanks guys
