ASP.net enables validaterequest filter by default on its installation. For those unfamiliar with this, it is essentially a filter that checks for potential malicious cross site scripting and injections into forms.
Reading ProCheckup's research paper, they formulated attack vectors mainly revolving around this to bypass the filter:
However, this was 2 years ago, and it appears to not work any longer with the most recent patches (I found a post of a user during my googling who is experimenting the same results as well).
My google-fu may be weak, however I have not come upon anything new, has anyone else? Tips? I also noticed quite a few people bashing on the validaterequest filter within the past year on other forums saying it is weak, however with no reason as to why it is weak. If anyone can shed some light on this as well, it would be much appreciated.
I am performing these tests legally, and am just seeking to better myself in the web assessment division.