Penetration Testing mailing list archives

RE: Pen-tester's analysis of .NET security?


From: Frank Knobbe <frank () knobbe us>
Date: Fri, 26 Mar 2004 15:54:26 -0600

On Fri, 2004-03-26 at 02:29, Dominick Baier wrote:
> however there is a bug in asp.net 1.1 with null characters:
>
> won't work
> http://foo.bar/search.aspx?term=<SCRIPT>alert('Vulnerable')</SCRIPT>
>
> will work
> http://foo.bar/search.aspx?term=<%00SCRIPT>alert('Vulnerable')</SCRIPT>


What did I say earlier about not trusting the OS? Perfect example here.
You can't trust anybody but your own code :)

Any idea why Microsoft is filtering for "<SCRIPT>" specifically and not
just "<" and ">"?

Regards,
Frank
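
An added example, not part of the original post and not ASP.NET's own code: the two `term` values from the quoted message are run through a hypothetical tag-pattern input filter and then through output encoding that does not depend on that filter. The filter rule (`<` followed by a letter or `!`) and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Hypothetical denylist rule (an assumption, not ASP.NET's implementation):
# reject a value when "<" is immediately followed by a letter or "!".
TAG_START = re.compile(r"<[A-Za-z!]")

# The two "term" values from the quoted message, still URL-encoded.
PLAIN = "<SCRIPT>alert('Vulnerable')</SCRIPT>"
NULL_VARIANT = "<%00SCRIPT>alert('Vulnerable')</SCRIPT>"


def denylist_accepts(raw_value: str) -> bool:
    """True when the tag-pattern filter lets the decoded value through."""
    return TAG_START.search(unquote(raw_value)) is None


def render_unsafe(raw_value: str) -> str:
    """Echo the decoded value into markup unencoded, relying on the filter."""
    return "<p>Results for: " + unquote(raw_value) + "</p>"


def render_encoded(raw_value: str) -> str:
    """Encode at output time, whatever the input filter decided."""
    decoded = unquote(raw_value)
    # Drop ASCII control characters below 0x20 (NUL included), keep tab/LF/CR.
    cleaned = "".join(ch for ch in decoded if ch >= " " or ch in "\t\n\r")
    # html.escape turns <, >, &, " and ' into character references.
    return "<p>Results for: " + html.escape(cleaned, quote=True) + "</p>"


def audit(values):
    """Return (value, filter_accepts, encoded_output) for each sample."""
    return [(v, denylist_accepts(v), render_encoded(v)) for v in values]


if __name__ == "__main__":
    for value, accepted, encoded in audit([PLAIN, NULL_VARIANT]):
        print(f"{value!r}: filter accepts={accepted}")
        print(f"  encoded output: {encoded}")
```

The filter's verdict differs between the two values, while the encoded output is identical for both, so the page's safety no longer depends on the filter recognising every variant.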
