C Sharp Reflected Xss Request Form
Description
Identifies potential Reflected Cross-Site Scripting (XSS) vulnerabilities in C# applications where unvalidated data is written directly to HTTP responses using dangerous methods like Response.Write() or Response.AddHeader(). This can allow attackers to inject malicious scripts that execute in users' browsers.
Detection Strategy
• Scans for calls to dangerous response writing methods including 'Write' and 'AddHeader'
• Checks if the data being written comes from untrusted sources like user input without proper validation or encoding
• Reports a vulnerability when unvalidated data flows directly into these dangerous response-writing methods
• Focuses specifically on direct writes to HTTP responses that could enable XSS attacks
Vulnerable code example
using System;
using System.Web.UI;
public class VulnerablePage : Page {
protected void Page_Load(object sender, EventArgs e) {
string userInput = Request.Form["data"];
Response.Write(userInput); // Vulnerable: Direct write of unencoded user input enables XSS
}...✅ Secure code example
using System;
using System.Web.UI;
using System.Web;
public class SafePage : Page {
protected void Page_Load(object sender, EventArgs e) {
string userInput = Request.Form["data"];
Response.Write(HttpUtility.HtmlEncode(userInput)); // Safe: Encoding prevents XSS...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.