forked from cdmerritt/CxCE
-
Notifications
You must be signed in to change notification settings - Fork 27
Expand file tree
/
Copy pathxss.aspx
More file actions
20 lines (18 loc) · 896 Bytes
/
xss.aspx
File metadata and controls
20 lines (18 loc) · 896 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="xss.aspx.cs" Inherits="CxCE_Demo.xss" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
This page is vulnerable to XSS via query parameter. The form below uses a custom (arbitrarily silly) validation routine that will only output the user's
text if the user types "safe". If the user types anything else, an error message is output. It is also vulnerable to stored XSS and has a hard-coded password.
<br /><br />
<asp:TextBox ID="name" runat="server" /> <asp:Button runat="server" ID="submit" OnClick="submit_Click" Text="Submit" />
<br /><br />
<asp:Label ID="message" runat="server" /> <br />
<asp:Label ID="message2" runat="server" />
</form>
</body>
</html>