[Owasp-dotnet] Fwd: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
dinis cruz
dinis.cruz at owasp.org
Sun Sep 7 17:04:00 EDT 2008
Interesting stuff, would be good to double check this and post the results
on the WIKI
Dinis
---------- Forwarded message ----------
From: ProCheckUp Research <research at procheckup.com>
Date: Thu, Aug 21, 2008 at 9:08 PM
Subject: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for
Script Injection Attacks
To: bugtraq at securityfocus.com
Cc: WebAppSec <webappsec at securityfocus.com>, websecurity at webappsec.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Microsoft .NET framework comes with a request validation feature,
configurable by the ValidateRequest setting. ValidateRequest has been a
feature of ASP.NET since version 1.1. This feature consists of a series
of filters, designed to prevent classic web input validation attacks
such as HTML injection and XSS (Cross-site Scripting). This paper
introduces script injection payloads that bypass ASP .NET web validation
filters and also details the trial-and-error procedure that was followed
to reverse-engineer such filters by analyzing .NET debug errors.
The original version of this paper was released in January 2006 for
private CPNI distribution. This paper has now been updated in August
2008 to include additional materials such as input payloads that bypass
the latest anti-XSS .NET patches (MS07-40) released in July 2007.
Paper:
http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf
Advisory:
http://www.procheckup.com/Vulnerability_PR08-20.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIrctJoR/Hvsj3i8sRAjEWAJ9DjcWdNiGcEykEphn71QJqzB05OgCeOznJ
NVERfW1rIgUZyMWaKcMiSn8=
=lTNm
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-dotnet/attachments/20080907/3dae5d0d/attachment.html
More information about the Owasp-dotnet
mailing list