What is the appropriate defense for this type of attack?
Something like the above anyway... going off memory.
Admittedly, I'm not very knowledgeable of web security. I typically deal with most of the issues through proper detainting of variables etc.. This one has me confused as to how to defend against it except through a 3rd party application. This is an example from an auditor who asked us to turn off ModSecurity and Trustwave WebDefend before running some of the attacks.