Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ASP.NET default input validation

from [pagvac] Network Security [Permanent Link]
Subject: Re: ASP.NET default input validation
Date: Thu, 5 Apr 2007 20:14:22 +0100 
The following should hopefully help you:

http://www.procheckup.com/Vulner_PR0703.php

On 3/22/07, Mark K. Murdock <mark.murdock@lanternsec.com> wrote: 
Has anyone identified a way to pass a "<script" string through the
default form/cookie/query validation in ASP.NET 2.0?  I'm referring to
the validation performed on input unless ValidateRequest="false" is
defined in the page directive, web.config, or machine.config file.
We've tried a variety of encodings but haven't found one yet that
doesn't throw an HttpRequestValidationException.

Thanks,
Mark

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC. Download a
free trial of AppScan today and see why more customers choose AppScan
then any other solution.

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008fHP
--------------------------------------------------------------------------




--
pagvac
[http://gnucitizen.org, http://ikwt.com/]

-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHF
--------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Username enumeration vulnerabilities, Adrian Pastor
Next by Date:  HTTP Secure Cookie Directive setting, kapil assudani
Previous by Thread:  ASP.NET default input validation, Mark K. Murdock
Next by Thread:  [Full-disclosure] Fuzzled - Perl fuzzing framework, Tim Brown
Indexes:  [Date] [Thread] [Top] [All Lists]