I have started working on a WebForms application built in .NET 2.0 using VS 2005. I am kind of new to web applications. When I click on a menu item, which is an <li/> tag, capture the request in Burp, and change the URL to "obgv0%22%3e%3cscript%3ealert('XSS HACKED')%3c%2fscript%3et48bw", I get a pop-up saying "XSS HACKED", which indicates that it is vulnerable.

I tried to find an exact solution to this problem on the net, but have been unlucky so far. I tried to replicate the scenario in VS 2015 by creating an empty web application, but it seems Microsoft put in a permanent fix for this. If someone can guide me through the way Microsoft implemented it and help me understand it, that would be great.
We have removed the cookies from the page and implemented server-side validation to solve the vulnerability.
This is not a suggested solution for all XSS issues. The solution is vulnerability-specific.
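
One way to do the server-side validation mentioned in the last post, run against the value from the question (an added example, not code from the original posts or from Microsoft). It assumes the value is reflected into a double-quoted HTML attribute and that legitimate menu targets are short alphanumeric tokens; `MenuTargetGuard` and its members are hypothetical names.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility

public static class MenuTargetGuard
{
    // Assumption: a legitimate menu target is 1-64 letters, digits, '-' or '_'.
    // \A and \z anchor the whole string so a trailing newline cannot slip through.
    private static readonly Regex Allowed =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    // Allow-list check on the already URL-decoded value.
    public static bool IsValid(string decodedValue)
    {
        return decodedValue != null && Allowed.IsMatch(decodedValue);
    }

    // Encode for an HTML attribute even when validation passed, so a gap in
    // the allow-list does not turn directly into markup injection.
    public static string ForAttribute(string decodedValue)
    {
        return HttpUtility.HtmlAttributeEncode(decodedValue);
    }

    public static void Main()
    {
        // Value from the question, as it appears in the request URL.
        string raw = "obgv0%22%3e%3cscript%3ealert('XSS HACKED')%3c%2fscript%3et48bw";
        string decoded = HttpUtility.UrlDecode(raw);

        Console.WriteLine("decoded:   " + decoded);
        Console.WriteLine("valid:     " + IsValid(decoded));
        Console.WriteLine("attribute: " + ForAttribute(decoded));

        // Constructed sample of a value the allow-list accepts.
        Console.WriteLine("valid:     " + IsValid("reports_2024"));
    }
}
```

Rejecting the request when `IsValid` returns false addresses this specific reflection; the attribute encoding matters on any path where the value is still written into the page.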