<< PREVIOUS  NEXT >> 

 

STORED XSS

  1. Code: 4

  2. Brief Description: Stored Cross-site Scripting

  3. Sample log message:

    1. CEF format 

       

      Jul 20 06:59:58 10.16.4.112 CEF: 1|Virsec Security Platform|Virsec|1.3.0|4|StoredXSS|10|EventId=VS-SXSS-072020-A00005|Application_Name=PHP_Webgoat 7.0 Server_Name=ubuntu16 Incident_Level=ATTACK Incident_Category=WEB_ATTACK Incident_Type=StoredXSS Incident_Timestamp=20 Jul 2020 11:00:07 AM UTC Threat Level=ATTACK Malicious Input=[{"k13": "<script>alert(11)</script>"}] Attacker=10.16.4.50:-4978 Event Source Name=CVE Session token id=uabpb7sns1lsne6rhbo7qbh4v0 UUID=2d93af24-ca78-11 HTTP Request=/mode/single/challenges/XSS2/ pid=2315 description=StoredXSS category=Web Attack eventTime=2020-07-20 11:00:07 tid=2315

    2. CEF - Fixed Key Definition format 

       

      Sep  8 09:38:33 10.16.6.4 CEF: 1|Virsec Security Platform|Virsec|1.4.0|4|StoredXSS|10|EventId=VS-SXSS-090820-A00087|cs1Label=Application_Name cs1=RHEL_webgoat_17 8 cs2Label=Server_Name cs2=rhelwebgoat_17 cs3Label=Incident_Level cs3=ATTACK cs4Label=Incident_Category cs4=WEB_ATTACK cs5Label=Incident_Type cs5=StoredXSS cs6Label=Incident_Timestamp cs6=08 Sep 2020 01:40:01 PM UTC cs7Label=Threat Level cs7=ATTACK cs8Label=Malicious Input cs8=[{"k2": "<SCRIPT>alert('bang!');</SCRIPT>"} cs9Label=Attacker cs9=10.16.3.114:64608 cs10Label=Event Source Name cs10=CVE cs11Label=Session token id cs11=4E5A6AB4D7598AEBA5FD61635F7B99AE cs12Label=UUID cs12=5b2f7430-9b6e-4f cs13Label=HTTP Request cs13=GET /webgoat/attack cs14Label=pid cs14=15453 cs15Label=description cs15=StoredXSS cs16Label=category cs16=Web Attack cs17Label=eventTime cs17=2020-09-08T01:39:42.042-04:00 cs18Label=tid cs18=35

 

<< PREVIOUS   NEXT >>