ATM_ID: 70575337-6ECD-1014-8284-729E56619FB6

ID: Security_Ck3.0/Vulnerability_Testing/Vulnerability_Testing_CQ/18249

TESTCASE_HEADLINE: XSS Vulnerability - Device WebUI 'Login' page is susceptible to XSS attacks through PAROS tool.

GROUP:

FEATURE:

SUB_FEATURE:

INPUT: Mozilla Firefox 13.0, PAROS used as a proxy 

1. Set Browser listening to PAROS proxy(localhost:8080),ensure browser and intercepting proxy are working properly by performing basic navigation and saving valid settings. 

2. In paros, under Tools->Filter enable only 'Replace HTTP response body using defined pattern' with 'admin' as pattern and replace with the script "script>alert('hi');</script>" 

PROCEDURE:

OUTPUT:

PROCESS:

PRIORITY:

TEST_TYPE:

LOE:

RESOURCE_HW:

RESOURCE_CONSUMEABLES:

RESOURCE_MEDIA:

SKILL_SET:

TEST_CASE_TYPE:

TESTCASE_SOURCE:

SPEC:

SPEC_VERSION:

SPEC_TAG:

ATM_OWNER:

ASSOCIATED_TESTCASES:

TRAINING:

TESTCASE_VERSION:

TESTCASE_STATE:

TESTCASE_PLATFORM:

TESTCASE_PRODUCT:

TESTCASE_APPROVALS:

CDATE: 1475652125

MDATE: 1475652125

MUSER: q50yrg15

AUTHOR: q50yrg15

ATM_MCOMMENTS: Imported from CSV

HISTORY:

ATM_LOCKED:

ATM_REQLINK:

ATM_REQCOUNT: 0

FILENAME:

FILEDESC:

FILES:

QA_TEAM:

APPROVE_QE:

APPROVED_QE:

APPROVE_SE:

APPROVED_SE:

APPROVE_SPAR:

APPROVED_SPAR:

MFF:

PLANNEDTIMESTAFF:

IMPLEMENTED:

DATA_LOGIC:

AUTOMATABLE_NOTAUTOMATABLE:

TC_WEIGHTAGE: