More insecurity???
We cannot say the website in question on htxp://www.isimtescil.net/destek.aspx?foo=%3Cscript%3E
is not vulnerable to a form of stack clash because of the stack trace fail.
Stack traces are used during the development process to provide verbose information when a server error occurs. This information can be leveraged to exploit the application as it discloses potentially sensitive information about the internal implementation of the website. Custom errors should be used to keep this information from view.
Result
It looks like a stack trace is being returned as detected by the presence of a “Stack Trace:” entry on the requested URL. Stack traces are particularly dangerous to expose publicly as they may contain code-level information about the page.
It’s easy to hide the stack trace, just configure the web.config to ensure the mode is either “On” or “RemoteOnly”. Also review the custom errors section of this report and ensure there is a valid “defaultRedirect” defined so that custom errors appears as follows:
A·potentially·dangerous·Request.QueryString·value·was·detected·from·the·client·(foo="<script>").
This page has been blocked by the Netcraft Extension for the following reason:
Suspected XSS Attack
Blocked URL: hxtp://www.isimtescil.net/destek.aspx?foo=%3Cscript%3E
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (foo="").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11984083
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +221
System.Web.HttpRequest.get_QueryString() +72
System.Web.UI.Page.DeterminePostBackMode() +89
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +9527
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +355
System.Web.UI.Page.ProcessRequest() +75
System.Web.UI.Page.ProcessRequest(HttpContext context) +70
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +798
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91
Consider
void function(char *str) {
char buffer[16];
strcpy(buffer,str);
}
void main() {
char large_string[256];
int i;
for( i = 0; i < 255; i++)
large_string[i] = ‘A’;
function(large_string);
}
All which was not performed diectly naturally, only as a pure 3rd party public cold reconnaissance website scan result 
via http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.isimtescil.net/destek.aspx%3Ffoo%3D%253Cscript%253E&uag=Mozilla/5.0+(Windows+NT+6.3%3B+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/61.0.3163.100+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO
drweb.aspx seems a disallowed entry on this Cyprus website? same fails and warnings here: -https://asafaweb.com/Scan?Url=www.isimtescil.net%2Fadmin%2Fcustomer%2Flogin%2Fsunucu%2FDedicated-Genel-Bilgiler.aspx
This should be addressed however: https://github.com/jquery/jquery/issues/2432
and then there are errors here: wxw.isimtescil.net/scripts/jquery.poshytip.js
status: (referer=www.isimtescil.net/destek.aspx?)
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.browser
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.browser = 1;
error: line:1: ....^
Never to use $ with an invalid argument, no matter what version is being used.
Throws a reference error in strict mode - info credits should go to Mozilla developer web docs' : jameshkramer
polonus (volunteer website security analyst and website error-hunter)