How this template works
APIs Selection
The template uses API selection filters to specify the criteria for selecting the APIs to be tested. In this case, the filters include response code, method, response payload, and query parameters. For example, it selects APIs with a response code between 200 and 299, uses the "GET" method, and checks if the response payload contains the HTML doctype declaration.
Execute request
The template defines a single request to be executed. It modifies the query parameter by injecting a malicious script that triggers an alert with the document's domain. This is done to test for XSS vulnerabilities in the targeted API.
Validation
The template specifies the expected response payload for validation. It checks if the response payload contains either the script that triggers the alert or the HTML doctype declaration. If the validation fails, it indicates that the API is vulnerable to XSS attacks.