Add an 'indication' element #3

psiinon · 2013-06-05T13:13:34Z

Another optional one, but one that tools can use to indicate the string that they identified which indicates the problem.
This can help the user sanity check the vulnerability.

dancornell · 2013-06-06T10:04:57Z

Would this be like the payload that was used to exploit a dynamic vulnerability?

psiinon · 2013-06-06T10:45:42Z

No, although thats useful to include as well :)
So the payload could be: <script>alert(1);</script>
while the indication (ie whats in the resulting page) would probably be: <script>alert(1);</script>

I use that in ZAP to highlight the relevant part of the response - a user can then look at that and hopefully more easily make a better judgement as to whether its a false positive or not.

psiinon · 2013-06-06T10:48:21Z

Typical - github translated my payloads and indications!
So the payload was an encoded version of the std basic script attack.
Lets try again...
Payload:

&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;

Indication:

 <script>alert(1);</script>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add an 'indication' element #3

Add an 'indication' element #3

psiinon commented Jun 5, 2013

dancornell commented Jun 6, 2013

psiinon commented Jun 6, 2013

psiinon commented Jun 6, 2013

Add an 'indication' element #3

Add an 'indication' element #3

Comments

psiinon commented Jun 5, 2013

dancornell commented Jun 6, 2013

psiinon commented Jun 6, 2013

psiinon commented Jun 6, 2013