Vulnerability in EPiServer.Forms
it's possible to intercept the saveAndPublish event in my aspx page?
Look at the events in the DataFactory class. There you have Saving, Saved, Publishing, Published etc.
Btw, you have to catch these in global asax or in a http module that runs on application init.