1

Lots of research has been done but I have not had any success. I have already checked the following links and many more.

https://infosecauditor.wordpress.com/2013/05/27/bypassing-asp-net-validaterequest-for-script-injection-attacks/

http://blog.diniscruz.com/2014/06/bypassing-aspnet-request-validation.html

Is there any way that how to bypass asp validation request for storing XSS attack.?

In above link, unicode characters are to be inserted and then popup on rendering time.

Is there any possibilities to execute script by unicode characters?

Improve this question
3
  • Is your requirement to bypass asp.net ValidateRequest functionality which is by default enabled for ASP.NET request.? Commented Apr 19, 2017 at 11:43
  • yes. my requirement to store XSS by unicode Commented Apr 19, 2017 at 11:55
  • To encode your content to make it XSS safe, encode the string, like : HttpUtility.UrlEncode(inputString); Commented Apr 19, 2017 at 11:59

1 Answer 1

Reset to default
1

If your requirement is to bypass ASP.NET ValidateRequest functionality which is by default enabled for ASP.NET; then in the aspx page directive add the validateRequest attribute and set it to false. Se the code below:

<pages validateRequest="false" />

If your requirement is to make the input string XSS safe, encode the input string:

HttpUtility.UrlEncode(inputString);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.