Sunday, 18 August 2013

Simulating an XSS attack in a VS2012 MVC4 application


I have an MVC 4 application in which I am trying to simulate an XSS attack.
I just have a button and a text box which will just output the value entered
in the text box, as below. When I enter <script>alert('xss')</script> in
the text box, an exception is automatically shown stating that a dangerous value
was detected from the client. How can I prevent this, at least for learning
purposes?
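
    @{
        ViewBag.Title = "Index";
    }
    <h2>Index</h2>
    @* Razor HTML-encodes this value when it is written to the page *@
    <h2>@ViewBag.Message</h2>
    <form method="post" action="/home/index">
        <input type="text" id="text" name="search" />
        <input type="submit" />
    </form>

These are my controller actions.

    using System.Web.Mvc;

    // The form posts to /home/index, so the actions live in HomeController
    public class HomeController : Controller
    {
        // GET: renders the empty form
        public ActionResult Index()
        {
            return View();
        }

        // POST: echoes the submitted value back through ViewBag.Message
        [HttpPost]
        public ActionResult Index(string search)
        {
            ViewBag.Message = search;
            return View();
        }
    }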
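
The behaviour described in the post involves two separate defences: ASP.NET request validation, which throws the "dangerous value" exception, and Razor's HTML encoding of @ViewBag.Message on output. The following is an added example, not part of the original post; the controller name XssDemoController, its action names and the reuse of the post's Index view are assumptions.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical controller for a local learning project (name is an assumption).
// Assumes Views/XssDemo/Index.cshtml has the same markup as the view in the post.
public class XssDemoController : Controller
{
    // Default behaviour: request validation inspects the posted form values and
    // rejects markup such as <script> before this action body ever runs.
    [HttpPost]
    public ActionResult Validated(string search)
    {
        ViewBag.Message = search;
        return View("Index");
    }

    // Request validation switched off for this single action only, so the raw
    // value reaches the controller. The site-wide default stays untouched.
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Unvalidated(string search)
    {
        // The view writes this with @ViewBag.Message, which Razor HTML-encodes:
        // the browser shows the markup as text instead of executing it.
        ViewBag.Message = search;
        return View("Index");
    }

    // When a response is built outside Razor there is no automatic encoding,
    // so the value is encoded explicitly before it is placed in the HTML.
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Echo(string search)
    {
        // "<" and ">" become "&lt;" and "&gt;", quotes become entities as well.
        string safe = WebUtility.HtmlEncode(search ?? string.Empty);
        return Content("<h2>" + safe + "</h2>", "text/html");
    }
}
```

Request validation is only a coarse input filter; the output encoding shown in the last two actions is what keeps the submitted text from being interpreted as markup.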
