Bit of an odd one, I have noted within the web application created by my employer that I can do script injections. Now I am a regular tester but I decided to have a play with this awesome list of strings that can help to uncover security vulnerabilities in the system - https://github.com/minimaxir/big-list-of-naughty-strings
Unfortunately one actually worked so I immediately raised this to my boss but it has been swept under the rug as a “Well it hasn’t been a problem for the last ten years, so we will fix it eventually”… That worries me and I feel they don’t understand the full gravity of the situation.
Now, I’m not one to let this drop just yet so is there a string I could input that will highlight the vulnerability of the site in a way they may understand? I have shown them <plaintext> (remove the *'s of course) is there a way of capturing the data on the page and downloading it into a text file or something similar to show this is serious?
Just to clarify, I’m not looking to break the site, I am the sole tester on the site and this is an isolated test site contained on my local machine so will not impact live or other users. I am just wanting to highlight this as a more serious issue.
If you have gotten this far through my essay, thank you.