Is this a valid XSS attack

My understanding of XSS attacks focused on people entering malicious input via forms (persistent XSS attack).

However I'm trying to understand non-persistent. Is this an example (obviously the alert could be substituted for something more sinister...)

http://localhost/MyProject/action.do?Title=<script>alert('XSS');</script>


One problem with that link, though, is <tags> typically aren't allowed in URLs without URL encoding them first. So mailing that link around or posting it wouldn't do you much good.

The more realistic URL encoded form of it would be ..

http://localhost/MyProject/action.do?Title=%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%

After clicking on this URL, the destination web server would unescape the Title value and if ...

<script>alert('XSS');</script>

... is written as-is without being HTML escaped to the page, that's absolutely XSS.
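The two steps the answer above describes (the server percent-decoding the `Title` parameter, then either writing it into the page as-is or HTML-escaping it first) in working code. This is an added example, not code from the question or from any of the answers; `renderUnsafe`, `renderSafe` and `containsScriptTag` are hypothetical names, and the sample URL is constructed from the encoded form shown above.

```javascript
// Added example (not from the original thread): reflected XSS via a query
// parameter, and the HTML-escaping that neutralises it.

// Constructed sample input: the URL-encoded link from the answer above.
const SAMPLE_URL =
  "http://localhost/MyProject/action.do?Title=%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E";

// Step 1: the server percent-decodes the query string. URLSearchParams does
// exactly that, so the decoded Title is the raw <script> text.
function getTitleParam(url) {
  return new URL(url).searchParams.get("Title") ?? "";
}

// Escaping for a value placed inside an HTML element body. Attribute values
// and inline JavaScript need their own context-specific encoding.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical vulnerable view: the decoded value is written into the markup as-is.
function renderUnsafe(url) {
  return `<h1>${getTitleParam(url)}</h1>`;
}

// Hypothetical hardened view: same template, value HTML-escaped first.
function renderSafe(url) {
  return `<h1>${escapeHtml(getTitleParam(url))}</h1>`;
}

// Simple check a reviewer or test can run on rendered output: does a live
// <script> element survive into the page?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("decoded Title :", getTitleParam(SAMPLE_URL));
console.log("unsafe render :", renderUnsafe(SAMPLE_URL), "-> script tag:", containsScriptTag(renderUnsafe(SAMPLE_URL)));
console.log("safe render   :", renderSafe(SAMPLE_URL), "-> script tag:", containsScriptTag(renderSafe(SAMPLE_URL)));
```

The escaped output still shows the literal text `<script>alert('XSS');</script>` to the user, which is the intended behaviour: the browser displays it instead of executing it. Note that `escapeHtml` is only correct for element-body context; a value reflected into an attribute, a URL, or a `<script>` block needs the encoding for that context, which is where many reflected XSS fixes go wrong.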


Yes, pretty much. Consider if you have logged in: those scripts can also access your cookies and could send them anywhere.


It's definitely a vulnerability; if nothing else, you can send a link with XSS code like this to someone.


I don't have the reputation to comment on Jeff Atwood's answer, so I will disagree with it here. A link like that could certainly be mailed around and used to exploit sites that are vulnerable to reflected XSS. I tested it with Gmail and a site over which I have control.

Perhaps encoding was being done in the background, but regardless, I was able to type in the link, email it, and then click the link and have the exploit work. Additionally, in every browser I tried I was able to directly type in the payload without encoding and have the script fire.

So yes, that code is "valid XSS" and if your site triggers that javascript then your site is vulnerable to a reflected XSS attack.


Yes, this is an XSS vulnerability. The Title string is not sanitized and is displayed as-is before rendering. XSS can be prevented by using a web application firewall like OWASP Stinger.


Putting an alert is the most prominent and widely used way of testing an application's vulnerability to Cross Site Scripting or XSS. If such a URL displays an alert, very likely the same URL can -

  1. internally redirect the customer to a malicious site, or

  2. send the information copied from the cookie or session to someone,

and the customer would feel that it is your trusted site which has done this, as he will keep seeing the trusted site domain in the URL.
