This repository was archived by the owner on May 14, 2020. It is now read-only.
util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS
1 file changed, +32 -15 lines changed
55 name : " 941170.yaml"
66 description : " Tests to trigger, or not trigger 941170"
77 tests :
8+ -
9+ test_title : 941170-1
10+ desc : XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
11+ stages :
812 -
9- test_title : 941170-1
10- desc : XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
11- stages :
12- -
13- stage :
14- input :
15- dest_addr : 127.0.0.1
16- method : GET
17- port : 80
18- uri : ' /char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E'
19- headers :
20- User-Agent : ModSecurity CRS 3 Tests
21- Host : localhost
22- output :
23- log_contains : id "941170"
13+ stage :
14+ input :
15+ dest_addr : 127.0.0.1
16+ method : GET
17+ port : 80
18+ uri : ' /char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E'
19+ headers :
20+ User-Agent : ModSecurity CRS 3 Tests
21+ Host : localhost
22+ output :
23+ log_contains : id "941170"
24+ -
25+ test_title : 941170-2
26+ desc : " XSS test based on portswigger XSS cheatsheet"
27+ stages :
28+ -
29+ stage :
30+ input :
31+ dest_addr : 127.0.0.1
32+ method : POST
33+ port : 80
34+ headers :
35+ User-Agent : ModSecurity CRS 3 Tests
36+ Host : localhost
37+ uri : ' /'
38+ data : " payload=javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/\" /+/onmouseover=1/+/[*/[]/+alert(1)//'></a>"
39+ output :
40+ log_contains : id "941170"
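Review bot: In the new 941170-2 stage, the POST body is sent through `data` while the `headers` block sets only User-Agent and Host, so whether the payload reaches the rule as a form argument depends on the test harness default; set `Content-Type: application/x-www-form-urlencoded` explicitly. The file description reads "Tests to trigger, or not trigger 941170", yet both cases assert only `log_contains : id "941170"`; a benign-input case with `no_log_contains` would cover the false-positive side of the rule. Minor style point: 941170-2 lists `headers` before `uri`, while 941170-1 lists `uri` first; keep one key order across the file.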