Testing against blocking by Netcraft extension & Site report alerts: https://gbhackers.com/top-500-important-xss-cheat-sheet/ (also using kitploit tampermonkey detection script).
Also consider and see the naughty list:
https://gist.github.com/richardevcom/c81c59f693b5c3c5de0445bdd2a73c47
Example, so see:
https://xss.cx/2011/10/22/ghdb/xss-http-header-location-response-splitting-javascript-injection-example-poc-report-01.html
Example:
Netcraft Logo
Suspected XSS Attack
This page has been blocked by the Netcraft Extension.
Blocked URL: hxxp://bla-di-bla-news dot net/
%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E%22%3E
Kicking up a Rails exemption, app vulnerable? Well, at least it indicates a dangerous or potentially negative action.
In most cases we will get a scan fail situation, or we get somewhat the wiser here:
jquery 3.2.1 found in
https://qmod.quotemedia.com/static/v1.3.0/dayyearrange,detailedquotetab,quotehead.js
Vulnerability info:
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Errors:
SyntaxError: Unexpected string
eval ()()
:4:80()
Object.t [as F_c] (:3:191)()
Object.E_u (:4:244)()
eval (eval at exec_fn (:2:115), :74:477)()
Object.create (eval at exec_fn (:2:115), :76:193)()
c (eval at exec_fn (:2:115), :15:231)()
:4:80()
i (eval at exec_fn (:2:115), :13:165)()
eval (eval at exec_fn (:2:115), :13:292)()
SyntaxError: Invalid regular expression flags
eval ()()
:4:80()
Object.t [as F_c] (:3:191)()
Object.E_u (:4:244)()
eval (eval at exec_fn (:2:115), :74:477)()
Object.create (eval at exec_fn (:2:115), :76:193)()
c (eval at exec_fn (:2:115), :15:231)()
:4:80()
i (eval at exec_fn (:2:115), :13:165)()
eval (eval at exec_fn (:2:115), :13:292)()
Also see: https://d1io3yog0oux5.cloudfront.net/_5abd5b5da664e1a491be32c4849e7435/vfc/files/theme/js/_js/all.js
Surroundings:
https://sitereport.netcraft.com/netblock?q=AMAZO-CF,13.224.0.0,13.227.255.255
But anyhow, it seems this host is not vulnerable. No secure cookie attributes found.
However, SSL not supported ->
https://sitereport.netcraft.com/?url=https://www.vfc.com

polonus
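The CVE-2019-11358 finding above is about a recursive extend that walks into a `__proto__` key. The following is an added example, not code from the post or from jQuery, showing why an unguarded deep merge pollutes `Object.prototype` when fed attacker-controlled JSON, and how a merge that refuses `__proto__`, `constructor` and `prototype` keys (the same approach jQuery 3.4.0 took for `jQuery.extend`) stays clean. All function names and the sample payload are constructed for this example.

```javascript
// Added example (not from the post, not jQuery's code): prototype pollution in a
// deep merge and the guarded version that avoids it.

// Keys a merge must never assign or recurse into, because they reach the
// prototype chain instead of the target object's own properties.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Unguarded deep merge, in the spirit of a pre-3.4.0 jQuery.extend(true, ...).
// Kept here only to make the failure mode observable in the check below.
function naiveDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      // Reading target["__proto__"] yields Object.prototype, so the recursion
      // writes attacker keys straight onto it.
      target[key] = naiveDeepExtend(target[key] || {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Guarded deep merge: skips unsafe keys and only recurses into *own* plain
// objects on the target, never into anything inherited.
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = safeDeepExtend(own ? target[key] : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Returns true if `name` is now visible on every object via the prototype chain.
function isPolluted(name) {
  return name in {};
}

// Merge untrusted JSON (e.g. a config blob from a query string) into defaults.
function mergeUntrustedConfig(defaults, jsonText, merge = safeDeepExtend) {
  return merge(defaults, JSON.parse(jsonText));
}

// Constructed sample payload: JSON.parse turns "__proto__" into an own key.
const SAMPLE_PAYLOAD = '{"__proto__":{"polluted":"yes"},"theme":"dark"}';

function demo() {
  const result = mergeUntrustedConfig({ theme: "light", nested: { a: 1 } }, SAMPLE_PAYLOAD);
  return { theme: result.theme, polluted: isPolluted("polluted") };
}
```

`demo()` returns `{ theme: "dark", polluted: false }`: the guarded merge keeps the legitimate `theme` override and drops the `__proto__` branch, whereas passing `naiveDeepExtend` as the third argument to `mergeUntrustedConfig` leaves a `polluted` property readable on every object in the realm.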
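"No secure cookie attributes found" and "SSL not supported" are the two site-report findings at the end of the post. The following is an added example, not from the post or from Netcraft, that audits Set-Cookie headers the way such a report would: it parses each header and lists the missing or inconsistent attributes (`Secure`, `HttpOnly`, `SameSite`, the `__Host-` prefix rules, and a Secure cookie sent over plain http, which current browsers reject). The header strings are constructed for the example.

```javascript
// Added example (not from the post): audit Set-Cookie headers for the attributes
// a site report flags. Sample headers below are constructed.

// Split "name=value; Attr; Attr=val" into the cookie name and a map of
// lower-cased attribute names to their values (true for valueless attributes).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = {};
  for (const attr of rest) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, attributes };
}

// Return { name, findings } for one Set-Cookie header. `scheme` is the scheme
// of the response that carried it ("https" or "http").
function auditCookie(header, scheme = "https") {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  const secure = attributes.secure === true;

  if (!secure) findings.push("missing Secure");
  if (attributes.httponly !== true) findings.push("missing HttpOnly");

  const sameSite = typeof attributes.samesite === "string" ? attributes.samesite.toLowerCase() : null;
  if (!sameSite) findings.push("missing SameSite");
  else if (sameSite === "none" && !secure) findings.push("SameSite=None requires Secure");

  // Secure cookies set from an insecure origin are dropped by current browsers,
  // so a plain-http site cannot have secure cookies at all.
  if (scheme !== "https" && secure) findings.push("Secure cookie set over plain http is rejected");

  // __Host- prefixed cookies must be Secure, have Path=/ and carry no Domain.
  if (name.startsWith("__Host-")) {
    if (!secure || attributes.path !== "/" || attributes.domain !== undefined) {
      findings.push("__Host- prefix requires Secure, Path=/ and no Domain");
    }
  }
  return { name, findings };
}

// Audit every Set-Cookie header of a response and keep only cookies with findings.
function auditResponseCookies(headers, scheme = "https") {
  return headers.map((h) => auditCookie(h, scheme)).filter((r) => r.findings.length > 0);
}

// Constructed sample headers.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/",
  "__Host-sid=xyz; Secure; HttpOnly; SameSite=Lax; Path=/",
  "track=1; SameSite=None; HttpOnly; Path=/",
];
```

`auditResponseCookies(SAMPLE_HEADERS)` reports the first cookie with all three attributes missing and the third with a `SameSite=None` that lacks `Secure`; the `__Host-` cookie passes. Passing `"http"` as the scheme adds the plain-http finding to any cookie that claims `Secure`.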