POC Code to Steel Cookies:
1) User cookies could be retrieved and misused.
2) Users could be redirected to fake login pages where passwords could be stolen
3) The possibility of an XSS worm would be there.
4) Unwanted transactions could be done in context of logged in user.
1) Strong XSS filters should be deployed if html is allowed, make sure the XSS filter is updated on continues basis considering the update of HTML 5 tags.
2) In case of no HTML, htmlencode all the response.write requests.
3) Many more filter bypassing tags were discovered for current application and is included along with this report.
Note: Many more filter bypass could be found.
Other Filter Bypassing Tags: