Demo Site: demo.testfire.net Full Request is: http://demo.testfire.net/search.aspx?txtSearch=%3cimg%20src%3d8%20onmousemove%3d%22alert(299792458)%22%3e Payloads below: `<img src=1 onmousemove="{JAVASCRIPT}">` `<img src=1 onmousemove='{JAVASCRIPT}'>` `<img src=1 onmousemove={JAVASCRIPT}>` I test on FF and Chrome, payloads is work. But xssValidator can't Detect. How can I fix it? Some info: Firefox: v51.0.1 Chrome: v56.0.2924.87 xssValidator: v1.3.2 Phantomjs: v2.1.1
Demo Site: demo.testfire.net
Full Request is:
http://demo.testfire.net/search.aspx?txtSearch=%3cimg%20src%3d8%20onmousemove%3d%22alert(299792458)%22%3e
Payloads below:
<img src=1 onmousemove="{JAVASCRIPT}"><img src=1 onmousemove='{JAVASCRIPT}'><img src=1 onmousemove={JAVASCRIPT}>I test on FF and Chrome, payloads is work. But xssValidator can't Detect.
How can I fix it?
Some info:
Firefox: v51.0.1
Chrome: v56.0.2924.87
xssValidator: v1.3.2
Phantomjs: v2.1.1