WebApp Sec mailing list archives
Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
From: kuza55 <kuza55 () gmail com>
Date: Thu, 4 Sep 2008 15:43:43 +1000
Sorry for digging this up, but I can't replicate your findings on the IE7 version you claim is vulnerable on your advisory. Your paper seems to say you only tested this on IE 5.5 and IE6 (no mention of IE7), so does is that the case, or am I just doing it wrong? 2008/8/22 ProCheckUp Research <research () procheckup com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent classic web input validation attacks such as HTML injection and XSS (Cross-site Scripting). This paper introduces script injection payloads that bypass ASP .NET web validation filters and also details the trial-and-error procedure that was followed to reverse-engineer such filters by analyzing .NET debug errors. The original version of this paper was released in January 2006 for private CPNI distribution. This paper has now been updated in August 2008 to include additional materials such as input payloads that bypass the latest anti-XSS .NET patches (MS07-40) released in July 2007. Paper: http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf Advisory: http://www.procheckup.com/Vulnerability_PR08-20.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIrctJoR/Hvsj3i8sRAjEWAJ9DjcWdNiGcEykEphn71QJqzB05OgCeOznJ NVERfW1rIgUZyMWaKcMiSn8= =lTNm -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks kuza55 (Sep 05)