EH-Net
Topic: Bypassing ASP.NET ValidateRequest Filters
T_Bone
« on: July 19, 2010, 09:15:30 AM »

I regularly test ASP.NET websites which appear to be hosted on up-to-date (patched) web servers. The only bypass I have found is <~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS')) but it doesn't appear to work anymore! Reading the whitepaper from ProCheckUp, they had the following test environment:

Microsoft Windows Server 2003 R2 Standard Edition Build 3790.srv03_sp2_gdr.070304-2240 : Service Pack 2 (patched Aug 08) running Microsoft IIS 6.0 web server
ASP.NET Version: 1.1.4322.2407 (fully patched)
ASP.NET Version: 2.0.50727 (fully patched Aug 2008)
Microsoft Internet Explorer 6.0.2800.1106
Microsoft Internet Explorer 7.0.5730.13

This was 2 years ago... anyone got anything up to date, since most environments SHOULD have been patched since then?