Penetration Testing mailing list archives
RE: Pen-tester's analysis of .NET security?
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 26 Mar 2004 15:54:26 -0600
On Fri, 2004-03-26 at 02:29, Dominick Baier wrote:
> however there is a bug in asp.net 1.1 with null characters :
>
> won't work
> http://foo.bar/search.aspx?term=<SCRIPT>alert('Vulnerable')</SCRIPT>
>
> will work
> http://foo.bar/search.aspx?term=<%00SCRIPT>alert('Vulnerable')</SCRIPT>

What did I say earlier about not trusting the OS? Perfect example here. You can't trust anybody but your own code :)

Any idea why Microsoft is filtering for "<SCRIPT>" specifically and not just "<" and ">"?

Regards,
Frank
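
The point raised in this message, as an added example that is not part of the original post and is not ASP.NET's code: a hypothetical tag denylist that flags "<" only when a letter follows it, run against the two values quoted above after URL decoding, next to a stricter character check and output encoding at render time. The function names, the denylist pattern and the page fragment are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Assumed model of a tag denylist: flag "<" only when a letter follows it.
# This is NOT ASP.NET's actual validator, only the class of check discussed.
TAG_DENYLIST = re.compile(r"<[A-Za-z]")


def denylist_accepts(value: str) -> bool:
    """Return True when the pattern-matching filter lets the value through."""
    return TAG_DENYLIST.search(value) is None


def strict_accepts(value: str) -> bool:
    """Reject every angle bracket and every control character, NUL included."""
    return not any(
        ch in "<>" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value
    )


def render_search_result(term: str) -> str:
    """Encode at output time, so safety does not depend on any input filter."""
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


# The two query-string values quoted in the thread, URL-decoded the way a
# web framework would decode them before the page sees them.
SAMPLES = {
    "plain": unquote("<SCRIPT>alert('Vulnerable')</SCRIPT>"),
    "null": unquote("<%00SCRIPT>alert('Vulnerable')</SCRIPT>"),
}


def evaluate() -> dict:
    """Run both checks and the encoder over each sample value."""
    return {
        name: {
            "denylist": denylist_accepts(value),
            "strict": strict_accepts(value),
            "rendered": render_search_result(value),
        }
        for name, value in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(name, row)
```

The denylist blocks the plain value but accepts the one carrying the NUL byte, while the strict check rejects both and the encoder renders both as inert text.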