Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Reflected XSS - WAF bypass

POC

Observe which payloads are blocked by the WAF and try one similar to the following:

https://targetsite/?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//

Note: this is a broad concept; the payload above is just an example.
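As an added defender-side illustration (not part of the Cobalt wiki entry), the Python below contrasts a signature blocklist of the kind a WAF rule applies with contextual output encoding at the point where the parameter is reflected; the blocklist signatures, URL and parameter name are constructed for the example. The point of the entry is that a blocklist only catches the variants it anticipates, whereas encoding at the sink neutralizes every variant.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed blocklist in the style of a signature-based WAF rule.
# It is illustrative only, not a real ruleset.
BLOCKLIST = ("<script", "onmouseover=", "alert(")


def query_param(url: str, name: str) -> str:
    """Return the decoded query parameter as the application sees it.

    Percent-encoding in the URL is undone before the value reaches the
    handler, so it offers no protection by itself.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def waf_blocks(value: str) -> bool:
    """True if a blocklist signature matches (case-insensitive).

    A signature filter fails open on any variant it does not list, which
    is why it must not be the only control.
    """
    low = value.lower()
    return any(sig in low for sig in BLOCKLIST)


def reflect_unsafe(q: str) -> str:
    """Vulnerable sink: reflects the parameter verbatim into an attribute
    and into element text. A single quote or angle bracket in q changes
    the markup structure."""
    return f"<input name=\"q\" value='{q}'><p>Results for {q}</p>"


def reflect_safe(q: str) -> str:
    """Hardened sink: contextual output encoding at the reflection point.

    html.escape(quote=True) encodes &, <, >, " and ', so the value can
    neither close the double-quoted attribute nor open a tag, regardless
    of what the WAF let through.
    """
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def is_neutralized(rendered: str, raw: str) -> bool:
    """Check that the raw input does not appear unencoded in the output."""
    return raw not in rendered and "'" not in html.escape(raw, quote=True)
```

Run the sink checks against any input the WAF did not block; the safe sink's output should never contain the raw input when it carries a quote or angle bracket.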

Impact

Low-Medium

Likelihood

Low-Medium