Another optional one, but one that tools can use to indicate the string that they identified which indicates the problem.
This can help the user sanity check the vulnerability.
No, although that's useful to include as well :)
So the payload could be: <script>alert(1);</script>
while the indication (i.e. what's in the resulting page) would probably be: <script>alert(1);</script>
I use that in ZAP to highlight the relevant part of the response - a user can then look at that and hopefully more easily make a better judgement as to whether it's a false positive or not.
Typical - GitHub translated my payloads and indications!
So the payload was an encoded version of the std basic script attack.
Let's try again...
Payload: