标签: javascript xss owasp zap
OWASP ZAP报告了“alert(1);”XSS漏洞,但我们无法在浏览器中弹出。这只是假阳性吗?
注入攻击的HTML是:
<script type="text/javascript"> DataSet.FilterBuilder.QueryValuesDictionary['57_ctl00'] = ;alert(1);; </script>