I hosted an application in ASP.NET 4.0 webforms.
When I am browsing hostname/DressDetail.aspx?<script>alert(313)</script>
&category=1&code=76
It is showing an error message like:
A potentially dangerous Request.QueryString value was detected from the client (="alert(313)
But I am expecting same error message as above when I am browsing hostname/DressDetail.aspx?<script>alert(313)</script>=1
&category=1&code=76
But it loads the page. But it should not be. The only difference is an extra =1 in the latter url.