Cross Site Scripting & Custom Error Pages
From: Neil (Neil_at_discussions.microsoft.com)
Date: 12/21/04
- Next message: Venkatachalam: "Problem in launching and saving Excel file via ASP.NET"
- Previous message: Patrick Olurotimi Ige: "Re: Trouble moving servers with asp.net"
- Next in thread: Peter Blum: "Re: Cross Site Scripting & Custom Error Pages"
- Reply: Peter Blum: "Re: Cross Site Scripting & Custom Error Pages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Dec 2004 02:27:05 -0800
Hi,
I have been investigating CSS vulnerabilites within my application and have
a question. If I added malicious script tags to the Url these are
automatically removed from all pages of my application and the user is
redirected to my custom error page. This is all taken care of by the .Net
Runtime and works as expected. However if after being redirected to the
custom error page I append script to the query string this is not removed and
I'm presented with the default page telling me to create a custom error page,
I guess you can't have a custom error page for a custom error page... My
question is should I be concerned about this? Should the script tags not be
removed?
Thanks
- Next message: Venkatachalam: "Problem in launching and saving Excel file via ASP.NET"
- Previous message: Patrick Olurotimi Ige: "Re: Trouble moving servers with asp.net"
- Next in thread: Peter Blum: "Re: Cross Site Scripting & Custom Error Pages"
- Reply: Peter Blum: "Re: Cross Site Scripting & Custom Error Pages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
