Looking through analytics, I saw that someone visited my cart page and added the following to the URL:

cart?wvstest=javascript:domxssExecutionSink(1,%2522%253Cbr%253E()locxss%2522)

What would this do, and should I be concerned about any security issues?

2 Answers

It's an attempt at injecting JavaScript by the penetration tool Acunetix. The specific attack is DOM based XSS (as shown by the function named domxssExecutionSink). If you were to echo the query parameter wvstest directly to the page, their JavaScript would have been executed.

Read more about XSS attacks (and how to mitigate them) at OWASP.

3 Comments

What's the best way to make sure the attack hasn't gotten through?
@JordanBundy that's very implementation-specific, read the last link to learn more. Remember, always sanitize user input.
@JordanBundy visit the page but with some obvious JavaScript as the parameter such as cart?wvstest=javascript:alert(123) - see if this alert box appears in the response directly or on any other page (e.g. whatever page processes this input and displays it).
It will pass the data to your server.

What happens next depends on your server side code.

If you were to read wvstest as a query string and then inject it (without proper sanitisation) into an HTML document, you would have an XSS security hole.

1 Comment

How should I double check to make sure that isn't happening?
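The flow the second answer describes, as an added example that is not code from the question or either answer: it assumes a browser-side cart page that reads wvstest itself, simulated in Node with a constructed host example.test and a constructed element id, and shows how the probe decodes, the vulnerable sink beside the escaped one, a check for the value being used as a link target, and a log-side test for the scanner's marker strings.

```javascript
// The probe URL from the question, placed on a constructed example host.
const PROBE_URL =
  "https://example.test/cart?wvstest=javascript:domxssExecutionSink(1,%2522%253Cbr%253E()locxss%2522)";

// One layer of percent-decoding, which URLSearchParams (or a server framework)
// does by default. The probe is encoded twice, so after this step it is still
// inert: %2522 has only become %22.
function getParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// A second decode, which some pages do themselves, yields the raw payload.
function decodedPayload(url) {
  return decodeURIComponent(getParam(url, "wvstest"));
}

// Vulnerable sink, the case both answers warn about: the value is concatenated
// straight into markup (el.innerHTML = ... in a browser; the id "notice" is a
// constructed stand-in). The payload's <br> lands in the DOM unescaped.
function renderUnsafe(url) {
  return '<div id="notice">' + decodedPayload(url) + '</div>';
}

// Hardened form: escape the HTML-significant characters first (or, in a
// browser, assign to textContent instead of innerHTML).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(url) {
  return '<div id="notice">' + escapeHtml(decodedPayload(url)) + '</div>';
}

// If the value is ever used as a navigation target (location.href, <a href>),
// escaping is not enough: a "javascript:" URL runs script. Allow http(s) only.
function isSafeHref(value) {
  try {
    return ["http:", "https:"].includes(new URL(value, "https://example.test").protocol);
  } catch (e) {
    return false;
  }
}

// Log-side check: the scanner's marker strings are easy to spot in access logs.
// A hit shows the page was scanned, not whether the sink exists.
function looksLikeDomXssProbe(url) {
  return /wvstest=|domxssExecutionSink/i.test(url);
}
```

To answer the "how do I double check" question above, review every place that reads wvstest and see whether it follows the renderUnsafe pattern or the renderSafe one; the log check only tells you that a scan happened.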
