Thursday, April 5, 2007

Microsoft .NET Request Filtering Bypass Vulnerability

Via ProCheckup.com -

By understanding how ASP.NET malicious request filtering functions, ProCheckUp has found that it is possible to bypass ASP.NET request filtering and perform XSS and HTML injection attacks.

It was possible to perform redirect, cookie theft, and unrestricted HTML injection attacks against an ASP.NET application set up in a test environment. ProCheckUp has also found this issue to be exploitable while carrying out penetration tests on several customers' live environments.

--------------------------

Check the link above for PoCs.
