navnorth / wp-oer

WordPress OER Plugin
GNU General Public License v3.0

check for XSS vulnerabilities #8

Closed joehobson closed 9 years ago

joehobson commented 9 years ago

This should be a fairly simple check since there aren't really any places where user input is displayed on the screen (other than basic WP search), but it would be good to learn what to look out for and ways to test for vulnerabilities.

johnpaulbalagolan commented 9 years ago

I have finished XSS vulnerability checking. But I am still checking for other ways to test for this type of vulnerability. I also checked for the suggestion of Sucuri here: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html. Our plugin is not vulnerable.

johnpaulbalagolan commented 9 years ago

I have also done the following tests for XSS vulnerabilities in WP OER Plugin. I have found no XSS vulnerabilities.

fixed #8.