Bypassing ASP .NET “ValidateRequest” for Stored XSS Attack

This article introduces script injection payloads that bypass ASP .NET ValidateRequest filter and also details the hit and trial procedures to analyze .NET debug errors. The techniques included in this article should be used when ValidateRequest is enabled, which is the default setting of ASP .NET.

About ValidateRequest: The Microsoft .NET framework comes with a request validation feature which is configured by the ValidateRequest setting. This feature consists of a series of filters, designed to prevent script injection attacks such as HTML injection and XSS (Cross Site Scripting). ValidateRequest is present in ASP.NET versions 1, 2 and 3. ASP.NET version 4 does not use the ValidateRequest filter.

Continue reading


The Beginning

Nothing is more dangerous than the combination of ignorance and enthusiasm.

Hello! Welcome to the blog INFOSECAUDITOR, a knowledge sharing platform for information security professionals. I am extremely excited to announce the start the blog and  hope it will help us to understand the security in a better manner and also to share the knowledge with each other.

I wish you all a very happy reading!!!!!