Open Source and information security mailing list archives
 
Message-ID: <48ADCB49.5070104@procheckup.com>
Date: Thu, 21 Aug 2008 21:08:41 +0100
From: ProCheckUp Research <research@...checkup.com>
To: bugtraq@...urityfocus.com
Cc: WebAppSec <webappsec@...urityfocus.com>,
	websecurity@...appsec.org
Subject: PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection
 Attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Microsoft .NET framework comes with a request validation feature,
configurable by the ValidateRequest setting. ValidateRequest has been a
feature of ASP.NET since version 1.1. This feature consists of a series
of filters, designed to prevent classic web input validation attacks
such as HTML injection and XSS (Cross-site Scripting). This paper
introduces script injection payloads that bypass ASP .NET web validation
filters and also details the trial-and-error procedure that was followed
to reverse-engineer such filters by analyzing .NET debug errors.

The original version of this paper was released in January 2006 for
private CPNI distribution. This paper has now been updated in August
2008 to include additional materials such as input payloads that bypass
the latest anti-XSS .NET patches (MS07-40) released in July 2007.

Paper:

http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf


Advisory:

http://www.procheckup.com/Vulnerability_PR08-20.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIrctJoR/Hvsj3i8sRAjEWAJ9DjcWdNiGcEykEphn71QJqzB05OgCeOznJ
NVERfW1rIgUZyMWaKcMiSn8=
=lTNm
-----END PGP SIGNATURE-----
