syntribos failures

asked 2017-05-11 13:53:37 -0500


Hi,

A Syntribos run shows the following failures. Can someone help with their impact on the system and the method to remediate them?

Syntribos test case failures include:

  1. The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks.
  2. This request returns an error with status code 500, which might indicate some server-side fault that may lead to further vulnerabilities.
  3. The string(s): '['<script>alert(document.cookie);</script>']', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.
  4. The string(s): '[\"
  5. The string(s): '[\"</script><script>alert('XSS');</script>\"]', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.
  6. The string(s): '[\"<style>@import'http://xss.rocks/xss.css';</style>\"]', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.

Regards, Shri Prakash
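As an added example (not part of the original post and not syntribos's own code), this Python example recomputes the three signals named in the failure messages above (length difference over 1000.0 percent, status code 500, payload string found in the response) and labels how the payload came back, so a reviewer can separate findings that need a fix from likely false positives. The percent formula, the label names, the `Response` class and the sample responses are assumptions constructed for illustration; only the payload string and the 1000.0 threshold come from the post.

```python
import html
from dataclasses import dataclass

# Payload string taken from failure 3 in the post; all responses below are constructed.
PAYLOAD = "<script>alert(document.cookie);</script>"
HTML_TYPES = {"text/html", "application/xhtml+xml"}

@dataclass
class Response:
    status: int
    content_type: str
    body: str

def length_diff_percent(baseline, fuzzed):
    """Body length change relative to the baseline, in percent (assumed formula)."""
    base = len(baseline.body)
    if base == 0:
        return float("inf") if fuzzed.body else 0.0
    return abs(len(fuzzed.body) - base) / base * 100.0

def triage(baseline, fuzzed, payload=PAYLOAD, max_diff=1000.0):
    """Return labels for the signals that fired and for how the payload was echoed."""
    labels = []
    if length_diff_percent(baseline, fuzzed) > max_diff:
        labels.append("length_diff")
    if fuzzed.status == 500:
        labels.append("server_error")
    media_type = fuzzed.content_type.split(";")[0].strip().lower()
    if payload in fuzzed.body:
        # Whether a browser would render this markup depends on the media type.
        labels.append("reflected_raw_html" if media_type in HTML_TYPES
                      else "reflected_raw_non_html")
    elif html.escape(payload) in fuzzed.body:
        labels.append("reflected_escaped")  # output encoding is already applied
    return labels

BASELINE = Response(200, "application/json", '{"name": "demo"}')
ERROR_PAGE = Response(500, "text/html; charset=utf-8",
                      "<html><body>" + PAYLOAD + "<pre>" + "Traceback line\n" * 20
                      + "</pre></body></html>")
JSON_ECHO = Response(200, "application/json", '{"name": "' + PAYLOAD + '"}')
ESCAPED = Response(200, "text/html", "<p>" + html.escape(PAYLOAD) + "</p>")

if __name__ == "__main__":
    for name, resp in [("error page", ERROR_PAGE), ("json echo", JSON_ECHO),
                       ("escaped", ESCAPED)]:
        print(name, triage(BASELINE, resp))
```

A `reflected_raw_html` label together with `server_error` points at an error page that echoes input without output encoding, which is where remediation (encode on output, return generic error bodies) would start.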
