Attempted exploit?

Question

I saw that my nopCommerce site had a logged search for:

ADw-script AD4-alert(202) ADw-/script AD4-

I\'m a bit curious though what they were try

Answer 1

Someone is checking if you have a UTF-7 injection vulnerability to exploit it later. UTF-7 uses only characters that are usually not considered harmful. Do you always use meta charset in your HTML?

Always use meta charset as high as possible in your HTML, like this:

  


  
  ...

and you won't have to worry about UTF-7 based XSS attacks.