WAF Tester
Query parameter names for XSS
Limitations
- Only use one context at a time. Multiple injection points are not considered at the moment.
- Must execute arbitrary Javascript. This means an alert(1) at the minumum. This proves you can call any function and pass multiple arguments to it.