
Microsoft ASP.NET Unicode Conversion vulnerability


Andrey Rusyaev has discovered a vulnerability in ASP.NET, which potentially can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

The vulnerability is caused due to an input validation error in the filtration of special HTML characters supplied as Unicode characters in the "Request Validation" and "HttpServerUtility.HtmlEncode" security mechanisms. This can e.g. be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site via a script returning user input without sanitation.

Successful exploitation requires that the response encoding has been set to a national ASCII codepage (not default setting).

The vulnerability has been confirmed in Microsoft .NET Framework version 1.1.4322.573. The vulnerability has also been reported in .NET Framework version 1.0 (service pack 2 and prior) and 1.1 (service pack 1 and prior).

Solution:
Set the response encoding to Unicode (default setting).

Provided and/or discovered by:
Andrey Rusyaev

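As an added example (not part of the original post and not Microsoft's own tooling), the Python sketch below audits a web.config for the precondition the advisory names: a response encoding set to something other than Unicode. The sample configuration, the function name audit_web_config and the allowlist of encoding names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Encoding names treated as Unicode here (assumed allowlist; extend as needed).
UNICODE_ENCODINGS = {"utf-8", "utf-16", "unicode", "unicodefffe", "utf-32", "utf-32be"}

# Constructed sample web.config, not taken from any real site.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <globalization requestEncoding="utf-8" responseEncoding="windows-1251"/>
  </system.web>
  <location path="api">
    <system.web>
      <globalization responseEncoding="utf-8"/>
    </system.web>
  </location>
  <location path="legacy">
    <system.web>
      <globalization responseEncoding="iso-8859-2"/>
    </system.web>
  </location>
</configuration>"""

def _local(tag):
    """Drop an XML namespace prefix such as '{uri}system.web'."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text):
    """Return (scope, responseEncoding) pairs for non-Unicode response encodings."""
    findings = []

    def walk(node, scope):
        for child in node:
            name = _local(child.tag)
            if name == "location":
                # <location path="..."> overrides settings for a sub-path
                walk(child, child.get("path") or "(site)")
            elif name == "system.web":
                for setting in child:
                    if _local(setting.tag) != "globalization":
                        continue
                    enc = setting.get("responseEncoding")
                    # Absent attribute: the setting is inherited (Unicode by default)
                    if enc and enc.strip().lower() not in UNICODE_ENCODINGS:
                        findings.append((scope, enc))

    walk(ET.fromstring(xml_text), "(site)")
    return findings

if __name__ == "__main__":
    for scope, enc in audit_web_config(SAMPLE_CONFIG):
        print(f"{scope}: responseEncoding={enc} is not Unicode")
```

This covers only the configuration file; a response encoding assigned in application code (for example through Response.ContentEncoding) needs a separate source review.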

ahhhhhhhhhhh if somebody wanted to read this stuff they would go to a news site and read it but you just keep copying and pasting this crap
