When I scanned a website with Burp Suite Pro, I encountered an XSS. This XSS is
<a b=c>
When Burp Suite tests other payloads that contain keywords like script, alert, onerror..., these parameters can't pass. For this reason Burp Suite reports only the parameter.
As you know, this means <a b=c>
a can be replaced with img,
b can be replaced with onerror,
c can be replaced with alert.
But these parameters (img, onerror, alert...) are prevented on the server side. To fix this XSS problem, input validation can be a solution. According to Burp this is XSS. Is it really a dangerous XSS? What problems might I encounter if I ignore this XSS (<a b=c>)?
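
An added example, not part of the original post: a check of whether the `<a b=c>` probe is reflected as live markup, comparing a keyword filter like the one described above with HTML-encoding at output. The page template, function names and keyword list are assumptions built from the post's description.

```python
import html
from html.parser import HTMLParser

# Keywords the post says the server rejects (constructed list).
BLOCKED_KEYWORDS = ("script", "alert", "onerror")
PROBE = "<a b=c>"  # the probe Burp reported in the post


def render_with_blacklist(value):
    """Behaviour described in the post: reject known keywords, echo the rest raw."""
    if any(k in value.lower() for k in BLOCKED_KEYWORDS):
        return "<p>Search: [blocked]</p>"
    return "<p>Search: " + value + "</p>"


def render_with_encoding(value):
    """Hardened form: HTML-encode at output so markup characters stay text."""
    return "<p>Search: " + html.escape(value, quote=True) + "</p>"


class TagCollector(HTMLParser):
    """Records every element the HTML parser actually opens."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def probe_becomes_markup(page, tag="a", attr="b"):
    """True if the probe was parsed as a real element carrying its attribute."""
    collector = TagCollector()
    collector.feed(page)
    return any(t == tag and attr in a for t, a in collector.tags)


def check():
    """Run the probe through both renderers and report which one parses it."""
    return {
        "blacklist": probe_becomes_markup(render_with_blacklist(PROBE)),
        "encoded": probe_becomes_markup(render_with_encoding(PROBE)),
    }


if __name__ == "__main__":
    print(check())
```

The keyword filter lets the probe through as a parsed element with an attacker-chosen attribute, which is what the scanner reports; with output encoding the same input stays inert text.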