The SAMATE Project (NIST, Department of Homeland Security)

Test Case ID: 149235
Status: Candidate
Bad / Good / Mixed: Bad (bad test case)
Author: Charles Oliveira
Associations: Application: 1
Added by: Charles Oliveira
Language: PHP
Type of test case: Web Application
Input string: On the registration page, type: "/><script>alert("XSS!");</script><a
Expected Output: A pop-up message containing the text "XSS!" is expected.
Instructions: To run WordPress, set up a web server (Apache) and a database server (MySQL). Then use the browser to navigate to the WordPress main page to continue the configuration.
Submission date: 2015-04-01
Description: The test case shows that the field $user_email is printed out without any neutralization for XSS.

File Contains:
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 111