RE: Pen-tester's analysis of .NET security?

From: Frank Knobbe (frank@knobbe.us)
Date: Fri Mar 26 2004 - 16:54:26 EST

• Next message: Don Parker: "Re: nmap shows open UDP port 113"
• Previous message: Falcifer: "Re: How to evade white spaces in a SQL injection"
• In reply to: Dominick Baier: "RE: Pen-tester's analysis of .NET security?"
• Next in thread: dd: "Re: Pen-tester's analysis of .NET security?"
• Reply: dd: "Re: Pen-tester's analysis of .NET security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 2004-03-26 at 02:29, Dominick Baier wrote:
> however there is a bug in asp.net 1.1 with null characters :
>
> won't work
> http://foo.bar/search.aspx?term=>alert('Vulnerable')</SCRIPT>
>
> will work
> http://foo.bar/search.aspx?term=<%00SCRIPT>alert('Vulnerable')</SCRIPT>

What did I say earlier about not trusting the OS? Perfect example here.
You can't trust anybody but your own code :)

Any idea why Microsoft is filtering for "<SCRIPT>" specifically and not
just "<" and ">"?

Regards,
Frank

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: Don Parker: "Re: nmap shows open UDP port 113"
• Previous message: Falcifer: "Re: How to evade white spaces in a SQL injection"
• In reply to: Dominick Baier: "RE: Pen-tester's analysis of .NET security?"
• Next in thread: dd: "Re: Pen-tester's analysis of .NET security?"
• Reply: dd: "Re: Pen-tester's analysis of .NET security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT