Beating Signature-Based Filters
In the first type of filter, the application will typically respond to your attack string with an entirely different response than it did for the harmless string — for example, with an error message, possibly even stating that a possible XSS attack was detected, as shown in Figure 12-9.

Figure 12-9: An error message generated by ASP.NET's anti-XSS filters

If this occurs, then the next step is to determine what characters or expressions within your input are triggering the filter. An effective approach is to remove different parts of your string in turn and see whether the input is still being blocked. Typically, this process establishes fairly quickly that a specific expression such as
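The elimination procedure described above, as an added example that is not from the book: a toy blocklist-style filter built from a few constructed regex signatures, plus a reducer that removes one token at a time for as long as the input is still blocked, so that a filter maintainer can see exactly which fragment of an input a signature keys on, and how little of the input that usually is. The signature list, the tokenizer and the function names are all assumptions for this example and do not reflect any real product's rules.

```python
import re
from typing import List, Optional

# Constructed toy signature filter (an assumption for this example, not any
# real product's rule set): regexes of the kind a blocklist XSS filter carries.
SIGNATURES = [
    re.compile(r"<\s*script", re.IGNORECASE),
    re.compile(r"on\w+\s*=", re.IGNORECASE),
    re.compile(r"javascript\s*:", re.IGNORECASE),
]


def is_blocked(s: str) -> bool:
    """True if any signature matches, i.e. the toy filter would reject s."""
    return any(sig.search(s) for sig in SIGNATURES)


def matching_signatures(s: str) -> List[str]:
    """Patterns of every signature that fires on s (for the maintainer's report)."""
    return [sig.pattern for sig in SIGNATURES if sig.search(s)]


def tokenize(s: str) -> List[str]:
    """Split s into angle brackets, words, whitespace runs and single symbols.
    Every character lands in exactly one token, so ''.join(tokenize(s)) == s."""
    return re.findall(r"<|>|\w+|\s+|[^\w\s<>]", s)


def minimal_trigger(s: str) -> Optional[str]:
    """Reduce s to a smallest substring the filter still blocks by dropping one
    token at a time, as the text describes. Returns None if s is not blocked."""
    if not is_blocked(s):
        return None
    tokens = tokenize(s)
    changed = True
    while changed:
        changed = False
        for i in range(len(tokens)):
            candidate = tokens[:i] + tokens[i + 1:]
            if is_blocked("".join(candidate)):
                # This token was not needed for the match; keep the shorter form
                # and restart the scan from the beginning.
                tokens = candidate
                changed = True
                break
    return "".join(tokens)


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    for sample in ["<script>alert(1)</script>", "<img src=x onerror=alert(1)>", "hello world"]:
        trigger = minimal_trigger(sample)
        print(repr(sample), "->", repr(trigger), matching_signatures(trigger or ""))
```

Running the reducer over a filter you maintain gives a quick measure of how narrow each signature really is: the whole `<script>alert(1)</script>` string collapses to the five characters `<script`, which is why a signature-based filter that never normalises its input is fragile around exactly that fragment.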