How to do cross-site scripting for JSON in SoapUI?

Below is my JSON request.

{"description":"${#TestCase#description}","assignedToName":null,"title":"${#TestCase#title}","priority":"2"} 

In this, description and title are the user input fields. I am trying to do cross-site scripting and SQL injection for these fields.

When creating a security test, I did not see these two parameters, description and title, appear in the parameters list.

It seems I need to give an XPath to the JSON request for XSS in an iteration. I have tried $.description (JsonPath) and /description. Neither works for me.

How to do it?

Thanks

+7
soapui
1 answer

Cross-site scripting (XSS): For cross-site scripting, you can insert any script in the input field; if it is not verified correctly, it will be accepted on the server side and entered into the database. Then, when this data is printed on the page, the script will be printed or executed on the page directly. Inserting an external script into the page is the basic idea of cross-site scripting.

Here is an example

 {"myJSON": "legit", "anyParameter": "12345<script>alert(1)</script>"} 

SQL injection: Basically there are two attempts at SQL injection: 1. Basic SQL injection and 2. Advanced SQL injection. So in your case, I think, you need to test SQL injection. You will find step-by-step information about this on the Internet.

-1
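The stored-XSS path the answer describes, as an added example that is not part of the original thread or of SoapUI: the probe from the answer is placed in the `description` field of the question's request, then rendered once by plain concatenation and once with output encoding, and a test-side check reports whether the probe comes back verbatim. The render functions and `reflectsUnescaped` are hypothetical names, and the sample record is constructed.

```javascript
// Added example (not from the original thread). Field names follow the
// request in the question; the rendering functions are hypothetical.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: stored values are concatenated into markup as-is.
function renderTicketUnsafe(ticket) {
  return `<h2>${ticket.title}</h2><p>${ticket.description}</p>`;
}

// Hardened: every stored value is encoded at output time.
function renderTicketSafe(ticket) {
  return `<h2>${escapeHtml(ticket.title)}</h2><p>${escapeHtml(ticket.description)}</p>`;
}

// Test-side check: does the rendered page contain the probe verbatim?
function reflectsUnescaped(html, probe) {
  return html.includes(probe);
}

// Constructed sample: the question's request body carrying the answer's probe.
// The JSON round trip shows that JSON transport leaves the markup intact.
const probe = '12345<script>alert(1)</script>';
const stored = JSON.parse(JSON.stringify({
  description: probe, assignedToName: null, title: 'legit', priority: '2',
}));

function runCheck() {
  return {
    unsafe: reflectsUnescaped(renderTicketUnsafe(stored), probe),
    safe: reflectsUnescaped(renderTicketSafe(stored), probe),
    safeHtml: renderTicketSafe(stored),
  };
}

console.log(runCheck());
```

A response that still contains the probe verbatim is the failing case for a security test assertion; the encoded form is the passing one.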