
150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities - How to test

Question asked by Jean-Sebastien Grenon on May 10, 2016
Latest reply on May 16, 2016 by Dave Ferguson



I'm new to Qualys and to testing XSS. I have received a report with some XSS. Some are in GET and others in POST. The GET ones I'm able to reproduce, but not the POST ones.


I tried with Postman, without success. Can someone help me reproduce the XSS in POST?


This is what I have in the report:




Payload id_report=117620&nom_client_report=Dany%20Descoteaux& ort=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E&adresse_report=180%20Roland-Audet&ville_report=Val-D' Or&prix_report=1495.00%20%24&mon_courriel_report=1&mon_message_report=1&submit_courriel_report=1


Request POST


#1 Referer:

#2 Cookie: ubvt=6; location=avbjhtabbdn53bb036rpj9v9k4; shared_session=x; session2[uuid]=b3ac84c0f3db0230815dd1c; derniereRecherche=a%3A12%3A%7Bs%3A18%3A%22type_etablissement
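
An added example (not part of the original post, and not Qualys code) for triaging this kind of finding offline in Python: it decodes a shortened copy of the reported form body, finds which field carries the scanner's `<qss` probe, and classifies a saved response as reflecting the probe raw, HTML-encoded, or not at all. The field name `FIELD` is a placeholder for the parameter whose name is cut off in the report, the function names are hypothetical, and the sample responses are constructed.

```python
import html
from urllib.parse import parse_qsl

# Shortened copy of the body from the report. "FIELD" is a placeholder:
# the real parameter name is truncated on the page.
REPORTED_BODY = (
    "id_report=117620&nom_client_report=Dany%20Descoteaux"
    "&FIELD=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E"
    "&adresse_report=180%20Roland-Audet&submit_courriel_report=1"
)

MARKER = "<qss"  # tag name used by the probe string in the report


def find_probe_fields(body):
    """Decode a form-urlencoded body; return the fields carrying the probe."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return {name: value for name, value in pairs if MARKER in value.lower()}


def classify_reflection(response_html, probe):
    """Say how a saved response body reflects the probe.

    'raw'     -> markup came back unencoded (finding reproduced)
    'encoded' -> probe came back HTML-encoded (output encoding in place)
    'absent'  -> probe not reflected in this response
    """
    text = response_html.lower()
    if probe.lower() in text or MARKER in text:
        return "raw"
    if html.escape(MARKER) in text:  # "&lt;qss"
        return "encoded"
    return "absent"


# Constructed sample responses, not taken from the application in the report.
PROBE = find_probe_fields(REPORTED_BODY)["FIELD"]
SAMPLE_RAW = '<input name="f" value="' + PROBE + '">'
SAMPLE_ENCODED = '<input name="f" value="' + html.escape(PROBE) + '">'
SAMPLE_ABSENT = "<p>Message sent</p>"

if __name__ == "__main__":
    print("probe field(s):", find_probe_fields(REPORTED_BODY))
    for label, body in [("raw", SAMPLE_RAW), ("encoded", SAMPLE_ENCODED),
                        ("absent", SAMPLE_ABSENT)]:
        print(label, "->", classify_reflection(body, PROBE))
```
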