[WEB SECURITY] XSS Question
druryjason at yahoo.com
Thu Jun 23 12:15:53 EDT 2011
During a recent web pentest I found an input vulnerable to XSS. The developers have come back to me saying they resolved the issue, but upon retesting I found it still vulnerable to the following string: \";alert('XSS');//
Just for my own education, can anything malicious be done with such a string or is the extent of the damage a popup box (which is what I currently get).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity