|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Mark K. Murdock (mark.murdock
lanternsec.com)
Date: Wed Mar 21 2007 - 21:49:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Has anyone identified a way to pass a "<script" string through the
default form/cookie/query validation in ASP.NET 2.0? I'm referring to
the validation performed on input unless ValidateRequest="false" is
defined in the page directive, web.config, or machine.config file.
We've tried a variety of encodings but haven't found one yet that
doesn't throw an HttpRequestValidationException.
Thanks,
Mark
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC. Download a
free trial of AppScan today and see why more customers choose AppScan
then any other solution.
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008fHP
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]