| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 25 Oct 2006 22:11:08 -0000 From: research@...checkup.com To: bugtraq@...urityfocus.com Subject: Microsoft .NET request filtering bypass vulnerability Applications which fail to provide their own filtering on top of the inbuilt .NET request filtering may be vulnerable to XSS attacks. Provided that a web application solely relies on .NET request filtering before echoing input back to the web browser, it is possible to inject scripting code and successfully launch XSS attacks by submitting a specially crafted request. Specific technical details about the payload required to bypass the .NET request filtering will be provided by ProCheckUp <http://www.procheckup.com> at a later date. The following combination of client and server environment was successfully tested using XSS cookie theft and redirect attacks: * Microsoft Windows Server 2003 Standard Edition Build 3790.srv03_sp1_rtm.050324-1447 Service Pack 1 * Microsoft IIS 6.0 * Microsoft ASP .NET Framework Version 2.0.50727.42 * Microsoft Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519 * Microsoft Internet Explorer 7.0.5450.4 Beta 3 Note: the technical details for this advisory are different from BIDs 8562, 12574 and 20337. The current version of the advisory can be found on http://www.niscc.gov.uk/niscc/docs/br-20061020-00711.html?lang=en
Powered by blists - more mailing lists