Merge pull request #1577 from dune73/new-tests-for-941280

lifeforms · web-flow · commit d16b82c71f6f · 2019-10-07T22:29:23.000+02:00
Adding new test for 941280 based on XSS cheatsheet by portswigger
diff --git a/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml
@@ -21,3 +21,24 @@
           version: HTTP/1.0
         output:
           log_contains: id "941280"
+  -
+    test_title: 941280-2
+    desc: "XSS test based on portswigger XSS cheatsheet"
+    stages:
+    -
+      stage:
+        input:
+          dest_addr: 127.0.0.1
+          headers:
+            Host: localhost
+            Content-Length: 113
+            User-Agent: ModSecurity CRS 3 Tests
+            Content-Type: application/x-www-form-urlencoded
+          method: POST
+          port: 80
+          uri: "/"
+          version: HTTP/1.0
+          data: 'payload=<a href=abc style="width:101%;height:100%;position:absolute;font-size:1000px;">xss<base href="//evil/</a>'
+          stop_magic: true
+        output:
+          log_contains: id "941280"
