On Dec 6, 2007, at 4:41 PM, [EMAIL PROTECTED] wrote:

>
> Thanks -- http://serverip:9999/?";<br><script>alert('toto');</script>  
> worked --
>
> after I'd sent my response, I noticed the page was borked with some  
> text under the login boxes, so it was confirmed.
>
> Followup question:  the URL from the plugin output "/? 
> <script>cross_site_scripting.nasl</script>", didn't seem to cause  
> any issue -- what's the best way to confirm -- is the working string  
> fairly browser dependent? (Like the one you provided for IE7?).
>

It is application dependent too. If the plugin fires it means there is  
an XSS because the string given in the report was found unaltered in  
the HTTP response.
To make it work you just have to replay the attack, look at the source  
code of the response, find the string and tweak it a bit so the HTTP  
code becomes interpreted by the web browser.


Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
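
The check described in the reply above, as an added example that is not part of the original thread or of Nessus: it finds where the plugin's string is reflected in a response body and whether it arrived unaltered or HTML-encoded, which tells you which output encoding the application is missing. The placeholder names, the `FIX` advice table and the sample responses are constructed for illustration.

```python
import html
from html.parser import HTMLParser

PROBE = "<script>cross_site_scripting.nasl</script>"  # string quoted from the plugin output
RAW, ENC = "XSSRAWMARK", "XSSENCMARK"  # constructed placeholders, assumed absent from the page
FIX = {  # output encoding the application is missing, per reflection context
    "text": "HTML-entity-encode the value before writing it into the page",
    "attribute": "HTML-attribute-encode the value and keep the attribute quoted",
    "script": "JavaScript-string-escape the value instead of echoing it raw",
}

class _Contexts(HTMLParser):
    """Records which HTML context each placeholder ends up in."""
    def __init__(self):
        super().__init__()
        self.found, self._in_script = [], False

    def _note(self, text, context):
        for marker, state in ((RAW, "unaltered"), (ENC, "encoded")):
            if text and marker in text:
                self.found.append((context, state))

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for _name, value in attrs:
            self._note(value, "attribute")

    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        self._note(data, "script" if self._in_script else "text")

def triage(body, probe=PROBE):
    """Return [(context, state)] for every reflection of `probe` in `body`."""
    # Swap the probe for inert placeholders first so its own tags do not disturb parsing.
    marked = body.replace(probe, RAW).replace(html.escape(probe), ENC)
    parser = _Contexts()
    parser.feed(marked)
    parser.close()
    return parser.found

# Constructed sample responses (not taken from the host discussed in the thread).
SAMPLE_ATTR = '<form><input name="user" value="' + PROBE + '"></form>'
SAMPLE_TEXT = "<p>No results for " + PROBE + "</p>"
SAMPLE_ENC = "<p>No results for " + html.escape(PROBE) + "</p>"

if __name__ == "__main__":
    for ctx, state in triage(SAMPLE_ATTR):
        print(ctx, state, "->", FIX[ctx])
```

An `attribute` or `script` reflection reported as `unaltered` is still a finding to fix, even when the plugin's string does not visibly change the page in a browser.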
