Message-ID: <20061025221108.4372.qmail@securityfocus.com>
Date: 25 Oct 2006 22:11:08 -0000
From: research@...checkup.com
To: bugtraq@...urityfocus.com
Subject: Microsoft .NET request filtering bypass vulnerability

Applications which fail to provide their own filtering on top of the inbuilt .NET request filtering may be vulnerable to XSS attacks.

Provided that a web application solely relies on .NET request filtering before echoing input back to the web browser, it is possible to inject scripting code and successfully launch XSS attacks by submitting a specially crafted request.

Specific technical details about the payload required to bypass the .NET request filtering will be provided by ProCheckUp <http://www.procheckup.com> at a later date.


The following combination of client and server environment was successfully tested using XSS cookie theft and redirect attacks:

* Microsoft Windows Server 2003 Standard Edition Build 3790.srv03_sp1_rtm.050324-1447 Service Pack 1
* Microsoft IIS 6.0
* Microsoft ASP .NET Framework Version 2.0.50727.42
* Microsoft Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519
* Microsoft Internet Explorer 7.0.5450.4 Beta 3

Note: the technical details for this advisory are different from BIDs 8562, 12574 and 20337.

The current version of the advisory can be found on http://www.niscc.gov.uk/niscc/docs/br-20061020-00711.html?lang=en
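
The application-side filtering the advisory calls for, as an added example that is not part of the original advisory or of ProCheckUp's material: allow-list validation of the input plus output encoding for each context it is echoed into. The page class `Greeting`, the `name` parameter, the `Output` Literal control, `profile.aspx` and the allow-list pattern are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

// Added example: code-behind for a hypothetical Greeting.aspx that declares
// <asp:Literal ID="Output" runat="server" />. All names here are illustrative.
public partial class Greeting : Page
{
    // Allow-list: letters, digits, space and hyphen, 1 to 64 characters.
    private static readonly Regex NamePattern =
        new Regex(@"^[\p{L}\p{N} \-]{1,64}$", RegexOptions.CultureInvariant);

    protected void Page_Load(object sender, EventArgs e)
    {
        string name = Request.QueryString["name"] ?? string.Empty;

        // BEFORE: relies on the built-in request filtering alone, which is
        // the situation the advisory describes.
        // Output.Text = "<p>Hello, " + name + "</p>";

        // AFTER, step 1: the application's own input check.
        if (!NamePattern.IsMatch(name))
        {
            Response.StatusCode = 400;
            Output.Text = "<p>Invalid name.</p>";
            return;
        }

        // AFTER, step 2: encode for the context the value lands in.
        string asText = HttpUtility.HtmlEncode(name);          // element content
        string asAttr = HttpUtility.HtmlAttributeEncode(name); // double-quoted attribute
        string href   = HttpUtility.HtmlAttributeEncode(
            "profile.aspx?name=" + HttpUtility.UrlEncode(name)); // URL, then attribute

        Output.Text =
            "<p>Hello, " + asText + "</p>" +
            "<input type=\"text\" name=\"name\" value=\"" + asAttr + "\" />" +
            "<a href=\"" + href + "\">profile</a>";
    }
}
```

With encoding applied at output, the page no longer depends on any request filter recognising a given payload.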
