This repository has been archived by the owner on May 17, 2022. It is now read-only.

False Negative #28

Open
nslearnner opened this issue Feb 24, 2017 · 0 comments

nslearnner commented Feb 24, 2017

Demo Site: demo.testfire.net

Full Request is:
http://demo.testfire.net/search.aspx?txtSearch=%3cimg%20src%3d8%20onmousemove%3d%22alert(299792458)%22%3e

Payloads below:
<img src=1 onmousemove="{JAVASCRIPT}">
<img src=1 onmousemove='{JAVASCRIPT}'>
<img src=1 onmousemove={JAVASCRIPT}>

I tested on FF and Chrome, and the payloads work. But xssValidator can't detect them.
How can I fix it?

Some info:
Firefox: v51.0.1
Chrome: v56.0.2924.87
xssValidator: v1.3.2
Phantomjs: v2.1.1
