OWASP / SSVL

Simple Software Vulnerability Language (SSVL)

Add an 'indication' element #3

Open psiinon opened 11 years ago

psiinon commented 11 years ago

Another optional one, but one that tools can use to indicate the string that they identified which indicates the problem. This can help the user sanity check the vulnerability.

dancornell commented 11 years ago

Would this be like the payload that was used to exploit a dynamic vulnerability?

psiinon commented 11 years ago

No, although that's useful to include as well :) So the payload could be: <script>alert(1);</script> while the indication (i.e. what's in the resulting page) would probably be:

I use that in ZAP to highlight the relevant part of the response - a user can then look at that and hopefully more easily make a better judgement as to whether it's a false positive or not.

psiinon commented 11 years ago

Typical - GitHub translated my payloads and indications! So the payload was an encoded version of the std basic script attack. Let's try again... Payload:

&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x3B;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;

Indication:

 <script>alert(1);</script>
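
The payload/indication distinction from this thread, as an added triage example that is not part of the original issue, of SSVL, or of ZAP: it locates the indication in a response for highlighting and separates a raw match from one that only appears HTML-escaped. The dictionary keys, function names and sample responses are assumptions constructed for illustration.

```python
import html

INDICATION = "<script>alert(1);</script>"

# Constructed finding record; the keys are hypothetical, not SSVL element names.
FINDING = {
    # What the tool sent: the hex-entity-encoded form shown in the thread.
    "payload": "".join(f"&#x{ord(c):02X};" for c in INDICATION),
    # What the tool saw in the resulting page.
    "indication": INDICATION,
}

# Constructed response bodies for the two outcomes a reviewer must tell apart.
REFLECTED = "<html><body><p>Results for " + INDICATION + "</p></body></html>"
ESCAPED = "<html><body><p>Results for " + html.escape(INDICATION) + "</p></body></html>"


def locate_indication(body, indication, context=20):
    """Return (start, end, snippet) for each raw occurrence of the indication.

    The snippet wraps the match in [[ ]] so a report can highlight it.
    """
    hits = []
    start = body.find(indication)
    while start != -1:
        end = start + len(indication)
        lo, hi = max(0, start - context), min(len(body), end + context)
        snippet = body[lo:start] + "[[" + body[start:end] + "]]" + body[end:hi]
        hits.append((start, end, snippet))
        start = body.find(indication, end)
    return hits


def triage(body, indication):
    """Classify a response against the reported indication."""
    if locate_indication(body, indication):
        return "indication-present"   # evidence is in the page as reported
    if html.escape(indication) in body:
        return "escaped-only"         # output was encoded: likely false positive
    return "absent"                   # evidence cannot be reproduced


if __name__ == "__main__":
    for name, body in (("reflected", REFLECTED), ("escaped", ESCAPED)):
        print(name, triage(body, FINDING["indication"]))
        for _, _, snippet in locate_indication(body, FINDING["indication"]):
            print("   ", snippet)
```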