An XSS scenario without the use of “Script” and <>

When testing for XSS vulnerabilities, we normally use attack vectors such as <script>alert(111)</script> and <body onload=alert(111)/>. If the developer has implemented server-side blacklist validation for <> and script, these vectors will not give satisfactory test results. In some scenarios, however, we can still demonstrate an XSS attack without using the above-mentioned vectors. This scenario is mainly observed in the “Search” text box of applications.
This is a search text box. Here the user enters some keyword for searching.
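
Added example, not part of the original essay: a blacklist of the kind described above next to context-aware output encoding, with an HTML parser used to check what each one lets through. It assumes the search term is echoed back into the value attribute of the search box; blacklist_filter, render_search_box and the sample term are hypothetical and constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical blacklist of the kind the text describes: drops < > and "script".
def blacklist_filter(term: str) -> str:
    term = re.sub(r"[<>]", "", term)
    return re.sub(r"script", "", term, flags=re.IGNORECASE)

# Hardened form: encode for the HTML attribute context at output time.
def encode_for_attribute(term: str) -> str:
    return html.escape(term, quote=True)

# Assumed page template: the search term is echoed into the value attribute.
def render_search_box(safe_term: str) -> str:
    return f'<input type="text" name="q" value="{safe_term}">'

class AttrCollector(HTMLParser):
    """Records the attributes an HTML parser sees on the <input> tag."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

def parsed_attributes(markup: str) -> dict:
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

def injected_attributes(markup: str) -> set:
    """Attribute names beyond the three the template itself defines."""
    return set(parsed_attributes(markup)) - {"type", "name", "value"}

# Constructed input: no angle brackets, no "script", only a double quote.
SAMPLE = 'shoes" data-injected="1'

if __name__ == "__main__":
    for label, fn in (("blacklist", blacklist_filter),
                      ("encoded", encode_for_attribute)):
        markup = render_search_box(fn(SAMPLE))
        print(label, markup, sorted(injected_attributes(markup)))
```

The blacklist passes the sample through unchanged, so the parser sees an extra attribute on the input element; with attribute encoding the whole term stays inside value.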