7

Below is my JSON request.

{"description":"${#TestCase#description}","assignedToName":null,"title":"${#TestCase#title}","priority":"2"}

In this, description and title are user input fields. I am trying to do cross-site scripting and SQL injection for these fields.

When creating the security test, I did not see these two properties, description and title, in the parameters drop-down.

It seems that I need to give the XPath for the JSON request to do XSS on an iteration basis. I have $.description (JsonPath) and /description. Both are not working for me.

How to do that?

Thanks

ChanGan

1 Answer

-1

Cross-site scripting (XSS): For cross-site scripting you can insert any script in an input box. If it is not validated properly, it will be accepted by your server-side code and will be injected into the database. Then, when this data is printed on a page, the script will be printed or executed on the page directly. Inserting an external script into a page is the basic idea of cross-site scripting.

Here is an example

{"myJSON": "legit", "anyParameter": "12345<script>alert(1)</script>"}

SQL injection: Basically there are two types of SQL injection: 1. basic SQL injection and 2. advanced SQL injection. So in your case I think you need to test advanced SQL injection. You will get step-by-step information about it on the internet.

CyberAbhay
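The server-side behaviour a security test of these two fields should confirm, as an added example that is not part of the question or answer above and is not SoapUI code: the `title` and `description` values from the request are stored with bound SQL parameters and HTML-encoded when rendered. The table schema, the function names (`open_store`, `save_item`, `render_item`) and the sample title are assumptions made for illustration.

```python
import html
import json
import sqlite3

# Constructed sample request: same shape as the request in the question,
# with the answer's script string in description and quotes in title.
SAMPLE_REQUEST = json.dumps({
    "description": "12345<script>alert(1)</script>",
    "assignedToName": None,
    "title": "O'Brien's task",
    "priority": "2",
})

def open_store():
    """In-memory table standing in for the application's database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, description TEXT)")
    return db

def save_item(db, raw_body):
    """Parse the JSON body and store the two user fields with bound parameters."""
    body = json.loads(raw_body)
    title, description = body.get("title"), body.get("description")
    if not isinstance(title, str) or not isinstance(description, str):
        raise ValueError("title and description must be strings")
    # Placeholders keep quotes and SQL keywords in the values as data.
    cur = db.execute("INSERT INTO items (title, description) VALUES (?, ?)",
                     (title, description))
    db.commit()
    return cur.lastrowid

def render_item(db, item_id):
    """Build the HTML fragment, encoding the stored values at output time."""
    row = db.execute("SELECT title, description FROM items WHERE id = ?",
                     (item_id,)).fetchone()
    if row is None:
        raise KeyError(item_id)
    title, description = row
    return "<h2>{}</h2><p>{}</p>".format(html.escape(title), html.escape(description))

if __name__ == "__main__":
    db = open_store()
    print(render_item(db, save_item(db, SAMPLE_REQUEST)))
```

The stored row keeps the input byte for byte; only the rendered fragment is encoded, so the same data stays safe to reuse in other output contexts that apply their own encoding.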