SasanLabs · preetkaran20 · Oct 18, 2021 · Oct 18, 2021
diff --git a/...g/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java b/...g/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java
@@ -142,7 +142,7 @@ public ResponseEntity<String> getVulnerablePayloadLevel3(
     @VulnerableAppRequestMapping(
             value = LevelConstants.LEVEL_4,
             htmlTemplate = "LEVEL_1/PersistentXSS")
-    public ResponseEntity<String> getVulnerablePayloadLevel5(
+    public ResponseEntity<String> getVulnerablePayloadLevel4(
             @RequestParam Map<String, String> queryParams) {
         Function<String, String> function =
                 (post) -> {
@@ -164,7 +164,7 @@ public ResponseEntity<String> getVulnerablePayloadLevel5(
     @VulnerableAppRequestMapping(
             value = LevelConstants.LEVEL_5,
             htmlTemplate = "LEVEL_1/PersistentXSS")
-    public ResponseEntity<String> getVulnerablePayloadLevel6(
+    public ResponseEntity<String> getVulnerablePayloadLevel5(
             @RequestParam Map<String, String> queryParams) {
         Function<String, String> function =
                 (post) -> {
@@ -187,7 +187,7 @@ public ResponseEntity<String> getVulnerablePayloadLevel6(
     @VulnerableAppRequestMapping(
             value = LevelConstants.LEVEL_6,
             htmlTemplate = "LEVEL_1/PersistentXSS")
-    public ResponseEntity<String> getVulnerablePayloadLevel7(
+    public ResponseEntity<String> getVulnerablePayloadLevel6(
             @RequestParam Map<String, String> queryParams) {
         Function<String, String> function =
                 (post) -> {
@@ -205,15 +205,11 @@ public ResponseEntity<String> getVulnerablePayloadLevel7(
     }
 
     // as we are adding to div tag so we can leverage the Html Escape for taking care of XSS.
-    @AttackVector(
-            vulnerabilityExposed = VulnerabilityType.PERSISTENT_XSS,
-            description =
-                    "PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING")
     @VulnerableAppRequestMapping(
             value = LevelConstants.LEVEL_7,
             htmlTemplate = "LEVEL_1/PersistentXSS",
             variant = Variant.SECURE)
-    public ResponseEntity<String> getVulnerablePayloadLevel8(
+    public ResponseEntity<String> getVulnerablePayloadLevel7(
             @RequestParam Map<String, String> queryParams) {
         return new ResponseEntity<String>(
                 this.getCommentsPayload(

diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties
@@ -28,7 +28,6 @@ otherwise benign and trusted websites. XSS attacks occur when an attacker uses a
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG=\"comment\" query param's value is directly added to \"div\" tag.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags.
-PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING=\"comment\" query param's value is directly added to \"div\" tag after HTML escaping.
 
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_IF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags if these tags are present before Null Byte.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVEIF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags if these tags are present before Null Byte.

diff --git a/src/main/resources/i18n/messages_en_US.properties b/src/main/resources/i18n/messages_en_US.properties
@@ -24,7 +24,6 @@ otherwise benign and trusted websites. XSS attacks occur when an attacker uses a
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG=\"comment\" query param's value is directly added to \"div\" tag.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags.
-PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING=\"comment\" query param's value is directly added to \"div\" tag after HTML escaping.
 
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_IF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags if these tags are present before Null Byte.
 PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVEIF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags if these tags are present before Null Byte.