[WEB SECURITY] XSS Question

Jason Drury druryjason at yahoo.com
Thu Jun 23 12:15:53 EDT 2011


Hello,

During a recent web pentest I found an input vulnerable to XSS. The developers have come back to me saying they resolved the issue, but upon retesting I found it still vulnerable to the following string: \";alert('XSS');//

Just for my own education, can anything malicious be done with such a string, or is the extent of the damage a popup box (which is what I currently get)?

Thank you,
Jason
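
The following is an added example, not part of the original post. It shows why a string of this shape can survive a fix, and compares that fix with a stricter encoder. Two things are assumed because the post does not state them: that the value is written into a double-quoted JavaScript string literal, and that the fix only backslash-escapes double quotes. All function names are hypothetical.

```javascript
// Constructed sample input: the string quoted in the post.
const PAYLOAD = String.raw`\";alert('XSS');//`;

// ASSUMPTION: the page emits the value inside  var q = "<value>";
// ASSUMPTION: the developers' fix only prefixes double quotes with a backslash.
function weakEscape(s) {
  return s.replace(/"/g, '\\"');
}

// Hardened encoder for a JavaScript string context: every code unit outside
// [A-Za-z0-9] becomes \uXXXX, so quotes, backslashes, line terminators and
// "</script>" can never reach the parser as syntax.
function jsStringEncode(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    const alnum = (c >= 48 && c <= 57) || (c >= 65 && c <= 90) || (c >= 97 && c <= 122);
    out += alnum ? s[i] : '\\u' + c.toString(16).padStart(4, '0');
  }
  return out;
}

// Regression check: index of the first double quote that is NOT consumed by a
// preceding backslash, i.e. where the browser would end the string literal.
// Returns -1 when the whole body stays inside the literal.
function firstUnescapedQuote(body) {
  for (let i = 0; i < body.length; i++) {
    if (body[i] === '\\') { i++; continue; } // backslash consumes the next char
    if (body[i] === '"') return i;
  }
  return -1;
}

// Summarise what each encoder leaves outside the string literal.
function report(name, encode) {
  const body = encode(PAYLOAD);
  const cut = firstUnescapedQuote(body);
  return { name, body, literalEndsAt: cut, trailingCode: cut < 0 ? '' : body.slice(cut + 1) };
}

console.log(report('weakEscape', weakEscape));
console.log(report('jsStringEncode', jsStringEncode));
```

With the assumed fix, the backslash supplied in the input pairs with the backslash the filter adds, leaving the quote unescaped and the rest of the input outside the literal. The stricter encoder keeps the whole value inside the literal and decodes back to the original text.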