.Net XSS

From: DokFLeed (dokfleeddokfleed.net)
Date: Tue Oct 11 2005 - 00:39:29 CDT


We are working on a white paper on XSS threats on a .Net platform.
.Net has a feature to stop <script> and some other XSS parameters.

In this testing case you could still write to the HTML code through a "GET"
parameter in a LOGIN.aspx.
You can even write to the "action" parameter of the form,
i.e. action="login.aspxANY INJECTED CODE HERE"

All the arguments so far: even with this vulnerability there isn't much you
can do, since it's on the .Net platform.
Apparently any JavaScript redirect isn't working.
Writing to the action with "" isn't working as well,
i.e. action="login.aspxanotherloginpage.aspx "

Any tricks?

Dok
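
Added example, not part of the original post and not code from the application under test: a C# sketch of why a filter that looks for tags such as <script> does not protect a form "action" attribute that reflects the request URL, and how encoding for the attribute context closes the gap. The filter, the form template, the helper names and the sample URL are all constructed assumptions.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class LoginFormDemo
{
    // Simplified stand-in for a tag-oriented input filter (assumption; this is
    // not the framework's actual rule set): reject "<" followed by a letter, "/", "!" or "?".
    static bool PassesTagFilter(string value) =>
        !Regex.IsMatch(value, @"<[A-Za-z/!?]");

    // "Before": the request URL is concatenated into the attribute as-is.
    static string RenderRaw(string rawUrl) =>
        "<form method=\"post\" action=\"" + rawUrl + "\">";

    // "After": the value is HTML-encoded for the attribute context, so a
    // quote in the URL becomes &quot; and cannot close the attribute.
    static string RenderEncoded(string rawUrl) =>
        "<form method=\"post\" action=\"" + WebUtility.HtmlEncode(rawUrl) + "\">";

    // Counts name="value" pairs in the rendered tag; the template has two.
    static int AttributeCount(string tag) =>
        Regex.Matches(tag, @"\s[\w-]+=""[^""]*""").Count;

    static void Main()
    {
        // Constructed sample: no angle brackets, only a quote and an extra attribute.
        string rawUrl = "login.aspx?x=\" title=\"marker";

        Console.WriteLine("passes tag filter: " + PassesTagFilter(rawUrl));
        foreach (var tag in new[] { RenderRaw(rawUrl), RenderEncoded(rawUrl) })
        {
            int n = AttributeCount(tag);
            Console.WriteLine((n == 2 ? "OK      " : "INJECTED") + " " + n + " attrs: " + tag);
        }
    }
}
```

In an ASP.NET page the corresponding call for attribute values is HttpUtility.HtmlAttributeEncode; the attribute-count check can be reused in a regression test that feeds reflected parameters through the page's rendering path.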
