I am making a GET request from Postman to http://localhost:52858/Api/users/Get?alert('hi');
Now it is returning the response below.
Response:
{ "Message": "No HTTP resource was found that matches the request URI 'http://localhost:52858/Api/users/Get?alert('hi');'.", "MessageDetail": "No action was found on the controller 'OrderHistoryDetails' that matches the name 'Gsdfdsfsdfdst'." }
Note: alert('Hi') is encoded in script tags, as CodeProject is removing them to get rid of the vulnerability. So I am sending a script tag, and in the response I am also getting the script tag back.
Now many tools are showing this as an XSS vulnerability... I tried several solutions but no luck. Please help.
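
An added example, not part of the original post: one way to stop the 404 body shown above from repeating the request URI is an ASP.NET Web API message handler that swaps the default error for a fixed message. The class name `GenericNotFoundHandler` and the replacement text are hypothetical, and registration in `WebApiConfig.Register` assumes the standard Web API project template.

```csharp
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Hypothetical handler: replaces any 404 response body, which by default
// echoes the caller-supplied URI, with a constant message.
public class GenericNotFoundHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        HttpResponseMessage response =
            await base.SendAsync(request, cancellationToken);

        if (response.StatusCode == HttpStatusCode.NotFound)
        {
            // Build a new error body that contains no text from the request.
            HttpResponseMessage replacement = request.CreateErrorResponse(
                HttpStatusCode.NotFound, "Resource not found.");
            response.Dispose();
            response = replacement;
        }

        // Ask browsers not to reinterpret the JSON body as HTML.
        response.Headers.Remove("X-Content-Type-Options");
        response.Headers.Add("X-Content-Type-Options", "nosniff");
        return response;
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Existing route registration stays as it is in the project.
        // The handler wraps the controller dispatcher, so it sees the
        // "No action was found" responses produced after routing.
        config.MessageHandlers.Add(new GenericNotFoundHandler());
    }
}
```

Re-sending the same request should then return only the fixed message, which gives the scanner nothing reflected to match on.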