syntribos failures
Hi,
A Syntribos run shows the following failures. Can someone help with their impact on the system and the method to remediate them?
Syntribos test case failures include:
- The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks.
- This request returns an error with status code 500, which might indicate some server-side fault that may lead to further vulnerabilities.
- The string(s): '['<script>alert(document.cookie);</script>']', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.
- The string(s): '[\"
- The string(s): '[\"</script><script>alert('XSS');</script>\"]', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.
- The string(s): '[\"<style>@import'http://xss.rocks/xss.css';</style>\"]', known to be commonly returned after a successful XSS attack, have been found in the response. This could indicate a vulnerability to XSS attacks.
Regards,
Shri Prakash
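
One way to triage the three kinds of signal listed in the post (length difference, status 500, payload found in the response) is sketched below as an added example; it is not part of the original post and is not syntribos code. The response dictionaries, function names and signal labels are assumptions made for illustration; only the 1000 percent threshold and the XSS string come from the findings quoted above.

```python
import html

LENGTH_DIFF_PERCENT = 1000.0  # threshold quoted in the first finding above

def length_diff_percent(baseline_body, fuzzed_body):
    """Percent change in body length relative to the baseline response."""
    base = max(len(baseline_body), 1)  # avoid dividing by zero on empty bodies
    return abs(len(fuzzed_body) - len(baseline_body)) / base * 100.0

def triage(baseline, fuzzed, payload):
    """Return the signal names one fuzzed response raises against its baseline."""
    signals = []
    if fuzzed["status"] >= 500:
        # Unhandled exception: read the server log for the traceback behind it.
        signals.append("server_error")
    if length_diff_percent(baseline["body"], fuzzed["body"]) > LENGTH_DIFF_PERCENT:
        # Often just a verbose error page; confirm by reading the body.
        signals.append("length_diff")
    if payload in fuzzed["body"]:
        ctype = fuzzed["headers"].get("content-type", "").lower()
        if ctype.startswith("text/html"):
            # Echoed unescaped into HTML: output encoding is missing.
            signals.append("reflected_raw_html")
        else:
            # Echoed in a non-HTML body (e.g. a JSON error): lower risk, but
            # confirm the Content-Type and X-Content-Type-Options: nosniff.
            signals.append("reflected_non_html")
    return signals

# Constructed sample responses (not taken from a real run).
PAYLOAD = "<script>alert(document.cookie);</script>"
BASELINE = {"status": 200, "headers": {"content-type": "application/json"},
            "body": '{"id": 1, "name": "demo"}'}
JSON_ECHO = {"status": 400, "headers": {"content-type": "application/json"},
             "body": '{"error": "invalid name: ' + PAYLOAD + '"}'}
HTML_RAW = {"status": 200, "headers": {"content-type": "text/html; charset=utf-8"},
            "body": "<html><body>Hello " + PAYLOAD + "</body></html>"}
HTML_ESCAPED = dict(HTML_RAW, body="<html><body>Hello " + html.escape(PAYLOAD)
                    + "</body></html>")
CRASH = {"status": 500, "headers": {"content-type": "text/plain"},
         "body": "Internal Server Error\n" + "Traceback line\n" * 40}

if __name__ == "__main__":
    for name, resp in [("json_echo", JSON_ECHO), ("html_raw", HTML_RAW),
                       ("html_escaped", HTML_ESCAPED), ("crash", CRASH)]:
        print(name, triage(BASELINE, resp, PAYLOAD))
```

A payload that is only found in a JSON error body, or that comes back HTML-escaped, is a different result from one echoed raw into an HTML page, which is why the content type and encoding are checked before a finding is treated as XSS.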