This repository was archived by the owner on May 17, 2022. It is now read-only.

False Negative #28

@nslearnner

Demo Site: demo.testfire.net

Full Request is:
http://demo.testfire.net/search.aspx?txtSearch=%3cimg%20src%3d8%20onmousemove%3d%22alert(299792458)%22%3e

Payloads below:
<img src=1 onmousemove="{JAVASCRIPT}">
<img src=1 onmousemove='{JAVASCRIPT}'>
<img src=1 onmousemove={JAVASCRIPT}>

I tested on FF and Chrome, and the payloads work. But xssValidator can't detect them.
How can I fix it?

Some info:
Firefox: v51.0.1
Chrome: v56.0.2924.87
xssValidator: v1.3.2
Phantomjs: v2.1.1
