• Support
  • Forums
  • Blogs

XSS with no alarm

OTXFEEDTMSOTXFEEDTMS

New Life Form
+2
I tried to make a simple XSS but OSSIM do not trigger any alarm.
My deployment is a master with two agent.

This is my XSS
http://simple.test/"><script>alert('XSS')</script>

I tried to capture traffic in real time tab dashboard but without success. 

The 2 agents seem to work fine. Traffic is captured correctly and  also the simple XSS test is captured...

Share post:

Answers

  • There is a rule for this.  You might need to enable it on your system.  It's in emerging_pro-scan.rules.  I was going to paste it in here, but the cross site scripting protection on this forum won't let me do it :)
    It's snort sid 2008627.

    In order to make this fire, the attack needs to come from your EXTERNAL_NET to your HTTP_SERVERS group.  You could always copy that rule, and change the variables to HOME_NET and HOME_NET.


    For this kind of thing, it's sometimes easier to look right at snort documentation rather than Alienvault's.

    Good luck.

  • \\";alert('XSS');//
  • Thanks! It's work fine!
Sign In or Register to comment.