1-step, 2-step XSS! (Part II)
I neglected to mention in the original post what the implications of two-step XSS are.
The behaviour of some websites of putting data in the viewstate and cookies may well be used to fight CSRF. If that’s the case, it may be possible to inject malformed strings into the viewstate by forcing errors. So you may well see more of this as people fight the difficult problem of CSRF. The viewstate is usually handled by the framework, so it looks like you can’t rely on the framework for everything! All I can really suggest is to make sure that anything echoed back to the user is checked and filtered.
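The following is an added example, not code from the original post. It models the two-step flow with a signed state blob standing in for framework-managed viewstate, and shows why the echo still has to be encoded even though the state verifies. The key, function names, field name and sample input are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import html
import json

KEY = b"constructed-demo-key"  # constructed; stands in for the framework's state key
SAMPLE_INPUT = "<img src=x onerror=alert(1)>"  # constructed test string

def pack_state(fields: dict) -> str:
    """Serialize and sign state (hypothetical stand-in for viewstate)."""
    body = base64.urlsafe_b64encode(json.dumps(fields).encode()).decode()
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def unpack_state(blob: str) -> dict:
    """Verify the signature, then return the fields. Raises ValueError if tampered."""
    body, _, mac = blob.rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("state signature mismatch")
    return json.loads(base64.urlsafe_b64decode(body))

def step_one(submitted: str) -> str:
    """First request: validation fails and the server keeps the rejected input in state."""
    return pack_state({"rejected_value": submitted})

def step_two_unfiltered(blob: str) -> str:
    """Second request, before the fix: the state verified, so its content is trusted."""
    state = unpack_state(blob)
    return "<p>Could not process: " + state["rejected_value"] + "</p>"

def step_two_filtered(blob: str) -> str:
    """Second request, hardened: encode at the point of echo, whatever the source."""
    state = unpack_state(blob)
    return "<p>Could not process: " + html.escape(state["rejected_value"], quote=True) + "</p>"

if __name__ == "__main__":
    blob = step_one(SAMPLE_INPUT)
    print(step_two_unfiltered(blob))  # markup from step one reaches the page intact
    print(step_two_filtered(blob))    # same state, rendered as inert text
```

The signature check passes in both cases because the server itself wrote the string into state at step one, so integrity protection on the state says nothing about whether its content is safe to render.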
The only way to utilise the two-step attack is probably through phishing emails and getting the user to click on both links. This can easily be done by simply saying try the first link first and if that fails, try the second.