Manual regression test procedure for XSS referer
================================================
1. Set the following in config.ini.php:
[Tracker]
visit_standard_length = 1
enable_detect_unique_visitor_using_settings = 0
[Debug]
always_archive_data = 1
2. Go to /misc/testJavascriptTracker/ and fake the referer, e.g. using the RefControl Firefox extension options:
http://www.google.co.uk/search?hl=en&q=<script>alert('test');</script>
http://example.com/"<script>alert(''test'');</script>
http://example3.com/test>"'><script>alert('XSS')</script>
http://example.com/"><script>alert('yo')</script>
http://example.com/"><script>alert(''hi'')</script>
localhost<script>alert(''test'')<', 'http://localhost<script>alert(''test'')</script>/test<script>alert(''test'')</script>
3. Go to the Piwik UI and check that everything in the referer looks as expected (no parse error, etc.).
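
Added example (not part of the original procedure and not Piwik's code): the check in step 3 can be partly automated by parsing the rendered markup and confirming that each URL-form referer from step 2 comes back as inert text and attribute data. render_row is a hypothetical stand-in for a report-row template; in practice check_row would be fed markup saved from the UI.

```python
import html
from html.parser import HTMLParser

# Referer values copied from step 2 of the procedure.
REFERERS = [
    "http://www.google.co.uk/search?hl=en&q=<script>alert('test');</script>",
    "http://example.com/\"<script>alert(''test'');</script>",
    "http://example3.com/test>\"'><script>alert('XSS')</script>",
    "http://example.com/\"><script>alert('yo')</script>",
    "http://example.com/\"><script>alert(''hi'')</script>",
]

class Collector(HTMLParser):
    """Records element names, attribute values and text as a parser sees them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.attr_values, self.texts = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_values += [v for _, v in attrs if v is not None]

    def handle_data(self, data):
        self.texts.append(data)

def render_row(referer, mode="full"):
    """Hypothetical report-row template (assumption, not Piwik's markup)."""
    if mode == "full":
        cell = html.escape(referer, quote=True)
    elif mode == "text_only":
        cell = html.escape(referer, quote=False)  # leaves " and ' raw
    else:
        cell = referer                            # no output encoding at all
    return '<tr><td><a title="%s">%s</a></td></tr>' % (cell, cell)

def check_row(row_html, referer):
    """Return a list of problems; an empty list means the referer stayed inert data."""
    c = Collector()
    c.feed(row_html)
    c.close()
    problems = []
    if c.tags != ["tr", "td", "a"]:
        problems.append("unexpected elements: %r" % c.tags)
    if referer not in c.attr_values:
        problems.append("title attribute does not round-trip")
    if "".join(c.texts) != referer:
        problems.append("text node does not round-trip")
    return problems
```

The text_only mode shows why the attribute check matters: encoding only < > & keeps the text node intact while a quote in the referer still ends the title attribute early.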