Yeah, for now I would want to just have a lookup file for exact strings that were identified and confirmed via either scanning and/or pentesting. I know that would just be a starting point as the URL could probably be encoded and certain variations could be used to still exploit the XSS vulnerability.
So yes, in short, I want to create a lookup file with exact URLs that I know are validated XSS exploits and I would like to create an alert or search that would take that data and compare it to the lookup file and I could confirm that the alerts would be a successful XSS attempt.
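The approach described in the post above, sketched as an added example that is not part of the original post: Python that loads a lookup of confirmed XSS URLs and matches access-log requests against it, percent-decoding both sides so encoded variants of a known URL still hit. The lookup rows, finding IDs, log lines and the case-folding step are constructed assumptions.

```python
import csv
import io
from urllib.parse import unquote

# Constructed lookup file: URLs confirmed by scanning/pentesting (sample values).
LOOKUP_CSV = """url,finding_id
/search?q=<script>alert(1)</script>,FINDING-001
/profile?name=<img src=x onerror=alert(1)>,FINDING-002
"""

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=%253CSCRIPT%253Ealert(1)%253C%252FSCRIPT%253E HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /profile?name=%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /search?q=shoes HTTP/1.1" 200 900',
]

def canonical(url, max_rounds=3):
    """Percent-decode until stable (covers double encoding), then casefold.
    Casefolding is an assumption: drop it if the application's URLs are case-sensitive."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.casefold()

def load_lookup(text):
    """Map canonical URL -> finding id from the CSV lookup."""
    return {canonical(r["url"]): r["finding_id"] for r in csv.DictReader(io.StringIO(text))}

def match_events(log_lines, lookup):
    """Return (raw_url, finding_id) for each request whose canonical URL is in the lookup."""
    hits = []
    for line in log_lines:
        parts = line.split('"')
        request = parts[1].split() if len(parts) > 1 else []
        if len(request) < 2:
            continue  # not a parseable request line
        finding = lookup.get(canonical(request[1]))
        if finding:
            hits.append((request[1], finding))
    return hits

if __name__ == "__main__":
    for raw_url, finding in match_events(SAMPLE_LOG, load_lookup(LOOKUP_CSV)):
        print(finding, raw_url)
```

A match only shows that a request carried a URL from the confirmed list; variations that are not byte-for-byte the same after decoding still need their own lookup rows or a pattern-based search.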