lang:

ASP

regex:

input.*type=(\"|\')?hidden.*=.*Request\.(QUERYSTRING|FORM)

description:

User controlled input direct to output, possible cross-site scripting.
tags:
xss cross-site scripting cwe-79
results