Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Syscan - Next Generation .NET Vulnerabilities.pdf . You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Syscan - Next Generation .NET Vulnerabilities.pdf
by Acidus at 11:21 am EST, Nov 14, 2008

Pretty cool analysis. The "ASP.NET's ValidateRequest stops XSS so its up to the dev to mess it up" is incorrect. Ignore esoteric attacks like double/triple encodings, etc. Lets do something basic.

" onmouseover="alert('xss')

ValidateRequest does not stop attribute injection attacks.


 
 
Powered By Industrial Memetics