DOM-based XSS - via URL

I have a website that I am testing, but I am pretty new to all of this security stuff and would appreciate some help! I have a URL similar to the following: http://testurl?nexturl=whatever The nexturl parameter determines what URL should be displayed after something has happened. I'm trying to test for XSS vulnerabilities and have disabled URL filtering in my browser. I am trying to replace the whatever with something like and if I view the page source code I see "nextUrl=" in it. However, I do not see an alert when the "something has happened". Is there some better piece of JavaScript I can put into the URL to see if it is executed?
http://dlvr.it/S1w8Vr
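
The defensive side of the question above, as an added example that is not part of the original post: one way a page could validate `nexturl` before navigating to it, so the parameter cannot carry a script URL or an off-site target. The function name `safeNextUrl` and the `/` fallback are assumptions, and the sample URLs are constructed.

```javascript
// Added example: hypothetical helper, not code from the site in the question.
// Reads nexturl from the page URL and returns it only when it resolves to a
// same-origin http(s) location; anything else yields a fixed fallback path.
function safeNextUrl(pageUrl, fallback = "/") {
  const page = new URL(pageUrl);
  const raw = page.searchParams.get("nexturl"); // already percent-decoded
  if (raw === null || raw.trim() === "") return fallback;

  // Control characters and backslashes are normalised differently across
  // URL parsers, so refuse them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let target;
  try {
    // Resolve relative values against the page's own origin.
    target = new URL(raw, page.origin);
  } catch {
    return fallback;
  }

  // Blocks javascript:, data: and every other non-web scheme.
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return fallback;
  }
  // Blocks absolute and protocol-relative (//host) off-site targets.
  if (target.origin !== page.origin) return fallback;

  // Hand back a path-only value so the caller cannot be moved off-origin.
  return target.pathname + target.search + target.hash;
}

// In the browser the result goes to a navigation API, never to an HTML sink
// such as innerHTML or document.write:
//   window.location.assign(safeNextUrl(window.location.href));
```
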
