Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Microsoft .NET request filtering bypass vulnerability

from [research] Network Security [Permanent Link]
Subject: Microsoft .NET request filtering bypass vulnerability
Date: 25 Oct 2006 22:11:08 -0000 
Applications which fail to provide their own filtering on top of the inbuilt 
.NET request filtering may be vulnerable to XSS attacks.

Provided that a web application solely relies on .NET request filtering before 
echoing input back to the web browser, it is possible to inject scripting code 
and successfully launch XSS attacks by submitting a specially crafted request.

Specific technical details about the payload required to bypass the .NET 
request filtering will be provided by ProCheckUp 
<http://www.procheckup.com> at a later date.


The following combination of client and server environment was successfully 
tested using XSS cookie theft and redirect attacks:

* Microsoft Windows Server 2003 Standard Edition Build 
3790.srv03_sp1_rtm.050324-1447 Service Pack 1
* Microsoft IIS 6.0
* Microsoft ASP .NET Framework Version 2.0.50727.42
* Microsoft Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519
* Microsoft Internet Explorer 7.0.5450.4 Beta 3

Note: the technical details for this advisory are different from BIDs 8562, 
12574 and 20337.

The current version of the advisory can be found on 
http://www.niscc.gov.uk/niscc/docs/br-20061020-00711.html?lang=en
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Microsoft .NET request filtering bypass vulnerability, research <=
Previous by Date:  Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability, playpacific . emulacaid
Next by Date:  Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability, Matt Richard
Previous by Thread:  Hosting Controller 6.1 Hotfix <= 3.2 Vulnerability, playpacific . emulacaid
Next by Thread:  [ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability, security
Indexes:  [Date] [Thread] [Top] [All Lists]