Hi All,
I'm going through some security vulnerability testing. In that, I'm injecting some arbitrary parameters into the SAML Request and accessing the modified SAML Request. Now, I want to stop any request which contains CSS characters. Can anyone explain to me how to do that?
I entered `548fc"-alert(XSS)-"1ht19` in the request and accessed it, and I also enabled BadCSSChars="%22" and CSSChecking=Yes, but I can still log in to the application. SiteMinder is not blocking the request. Do I need to do anything else?
https://<HOSTNAME>/affwebservices/redirectjsp/redirect.jsp?SAMLRequest=jZJRT4MwFIXf%2FRWk79Cu2%2BLWDJbpNJrMSAb64IspcCddWIu9BfXfC0OjxsT42Paec%2B69XxfL10PltWBRGR2SUcCIBzo3hdJPIblLL%2F0ZWUYnC5SHitdi1bhSb%2BG5AXTeChGs63TnRmNzAJuAbVUOd9tNSErnahSUFtAGBVRGOQdKa9PKXhE0SDOriiegvTNNklsqKyWRrofrJPY7pZ8km8cL7ZR7W%2FWvxFt3wUofPf6TIXe7F8hw6Atp3WSVyo%2BRHNEQ79LYHI5DhWQnKwTiXa9DIjkvy%2Bk%2BV7OS8xGM%2BemcSVmMWZbtYTLrijCWiKqFLxliA9candQuJJyNJj6b%2B2yajpjgXDAWzOeTB%2BLF1jiTm%2BpM6WHHjdXCSFQotDwACpeLZHWzETxgIhuKUFylaezHt0lKvPtPVrxn1dHTKAY6f3vVH8EkGmCKY8f2u8PfBvITN4l%2BQVrQ757Rx%2FHnf4neAQ%3D%3D548fc"-alert(XSS)-"1ht19&SMPORTALURL=https%3A%2F%2F<HOSTNAME>%2Faffwebservices%2Fpublic%2Fsaml2sso
Thanks,
Sandeep.
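As an added illustration (not from the post above and not SiteMinder's own code), here is a Python check that applies a BadCSSChars-style list to the URL-decoded query parameters and also verifies that the SAMLRequest value still decodes as a redirect-binding payload. How SiteMinder itself parses BadCSSChars is an assumption here; the hostnames, XML and URLs are constructed samples.

```python
import base64
import binascii
import zlib
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Mirrors the BadCSSChars="%22" idea from the post: a comma-separated list of characters,
# each given literally or URL-encoded (assumption: SiteMinder's own parsing may differ).
BAD_CSS_CHARS = "%22,<,>,'"

def bad_chars(config: str = BAD_CSS_CHARS) -> set:
    """Decode each configured token so %22 and a literal quote are matched the same way."""
    return {unquote(tok.strip()) for tok in config.split(",") if tok.strip()}

def find_bad_chars(url: str, config: str = BAD_CSS_CHARS) -> dict:
    """Return {param: [chars]} for every query value that contains a configured bad char.
    parse_qsl URL-decodes values, so an injected literal '"' and an encoded %22 both match."""
    bad = bad_chars(config)
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        found = sorted(c for c in bad if c in value)
        if found:
            hits[name] = found
    return hits

def saml_request_is_well_formed(url: str) -> bool:
    """Redirect-binding SAMLRequest = base64(raw DEFLATE(xml)); appended text breaks both layers."""
    value = dict(parse_qsl(urlsplit(url).query)).get("SAMLRequest", "")
    try:
        raw = base64.b64decode(value, validate=True)
        zlib.decompress(raw, -15)  # -15: raw DEFLATE stream without a zlib header
        return True
    except (binascii.Error, ValueError, zlib.error):
        return False

def encode_redirect_saml(xml: bytes) -> str:
    """Build a SAMLRequest query value the way the redirect binding does (constructed sample)."""
    comp = zlib.compressobj(wbits=-15)
    return quote(base64.b64encode(comp.compress(xml) + comp.flush()).decode(), safe="")

# Constructed sample URLs; hostnames are placeholders, not from any real deployment.
SAMPLE_XML = b'<samlp:AuthnRequest ID="_abc" Version="2.0"/>'
CLEAN_URL = ("https://idp.example/affwebservices/redirectjsp/redirect.jsp?SAMLRequest="
             + encode_redirect_saml(SAMPLE_XML) + "&SMPORTALURL=https%3A%2F%2Fidp.example%2Fsso")
# Same tampering pattern as the post: extra text appended to the SAMLRequest value.
INJECTED_URL = CLEAN_URL.replace("&SMPORTALURL", '548fc"-alert(XSS)-"1ht19&SMPORTALURL')

if __name__ == "__main__":
    print(find_bad_chars(INJECTED_URL))  # {'SAMLRequest': ['"']}
    print(saml_request_is_well_formed(CLEAN_URL), saml_request_is_well_formed(INJECTED_URL))
```

Because the check runs on decoded values, a configured `%22` catches both an encoded and a literal double quote; the decode check separately rejects any SAMLRequest whose base64 or DEFLATE layer no longer parses.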