Fix XSS error pointed out by Armored Site - Classic ASP

Viewed 153 times

0

I run a website that has the Armored Site seal. I recently received an email from Armored Site saying that its core had changed and that the new scans could identify new errors.

As predicted, new errors were identified and were properly corrected, except for XSS errors on a single page.

The page in question is: http://cardios.com.br/noticias_detalhes.asp?idNoticia=523&IdSecao=48&IdTipoNoticia=14

And the error pointed out is:

Cross-Site Scripting Vulnerability found. This is a reflected XSS Vulnerability, Detected in an Alert that was an immediate Response to the Injection.

Injectable request #: 2

Injected item: GET: Idsecao

Injection value: >"><sVg/OnLOaD=alert(14417575.00347)>

Detection value: Alert(14417575.00347)

The problem is: I cannot reproduce the fault; it does not seem to occur for me. But Armored Site keeps pointing out the error.

How can I solve this?

  • Post the code for analysis.

  • I can post it, but the code is pretty extensive. But when placing the "Injection value" in the URL, next to the unprotected "Idsecao" field, an Alert should appear on the screen, right? This Alert does not appear. If you could just help me show the Alert that Safe Site reports, I could fix it. I just can’t reproduce the flaw.

No answers
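
One way to close a finding like this without having to reproduce the alert, given here as an added example that is not the site's own code: the three query-string values in the URL above look like numeric ids, so the page can reject anything that is not plain digits before writing HTML, and encode any free text at output. The helper `GetIdParam`, the link target `noticias.asp` and the `titulo` variable are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper (assumption, not the site's real code).
' Returns the query-string parameter as a non-negative Long, or -1 when the
' value is missing or is anything other than 1 to 9 decimal digits.
Function GetIdParam(name)
    Dim raw, re
    GetIdParam = -1
    raw = Trim(Request.QueryString(name) & "")
    Set re = New RegExp
    ' Digits only: IsNumeric alone also accepts forms such as "1e3".
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then GetIdParam = CLng(raw)
    Set re = Nothing
End Function

Dim idNoticia, idSecao, idTipoNoticia
idNoticia     = GetIdParam("idNoticia")
idSecao       = GetIdParam("IdSecao")
idTipoNoticia = GetIdParam("IdTipoNoticia")

' Reject the request before any HTML is written if an id is not numeric,
' so a value such as the scanner's injection string never reaches the page.
If idNoticia < 0 Or idSecao < 0 Or idTipoNoticia < 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid parameter."
    Response.End
End If
%>
<!-- From here on use only the validated variables, never Request.QueryString directly. -->
<!-- noticias.asp is a hypothetical link target. -->
<a href="noticias.asp?IdSecao=<%= idSecao %>&amp;IdTipoNoticia=<%= idTipoNoticia %>">Back</a>
<%
' Free text (constructed sample standing in for a database column) is
' HTML-encoded at the point where it is written into the page.
Dim titulo
titulo = "constructed <sample> title"
Response.Write "<h1>" & Server.HTMLEncode(titulo) & "</h1>"
%>
```

The same validation belongs in every include or sub-page that reads `IdSecao` on its own, since a reflected value can be written by any of them.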
