IIS6 - ASP.NET

From: webappsec@technicalinfo.net
Date: Tue Sep 09 2003 - 06:23:14 EDT


Anyone been playing with ASP.NET and the error message it automagically creates?

Given the following helpful error message, what experience have other people had SUCCESSFULLY exploiting this type of vuln on IIS6, given the comprehensive automated response?

A potentially dangerous Request.QueryString value was detected from the client (criteria="'><H1>Toss</H1>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (criteria="'><H1>Toss</H1>").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (criteria="'><H1>Toss</H1>").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
   System.Web.HttpRequest.get_QueryString() +113
   System.Web.UI.Page.GetCollectionBasedOnMethod() +83
   System.Web.UI.Page.DeterminePostBackMode() +47
   System.Web.UI.Page.ProcessRequestMain() +2075
   System.Web.UI.Page.ProcessRequest() +218
   System.Web.UI.Page.ProcessRequest(HttpContext context) +18
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

Cheers.

http://www.technicalinfo.net/
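For the defender side of the error page quoted above: the verbose HttpRequestValidationException response discloses the stack trace and the exact .NET Framework / ASP.NET build to anyone who sends a rejected value. The following Global.asax code-behind is an added example (not code from the original post) for a hypothetical ASP.NET 1.1 application: it logs each request-validation rejection to the Windows event log so probing is visible to operations, then clears the exception and returns a plain 400 instead of the detailed page. It assumes an event-log source named "WebApp" has already been registered on the host, and that customErrors in web.config is set to RemoteOnly as a second line of defence.

```csharp
// Global.asax.cs -- added example for a hypothetical ASP.NET 1.1 application.
// Keeps validateRequest enabled (the default) and turns each rejection into
// a logged event plus a generic response, instead of the verbose error page.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Assumed to be pre-registered on the server; EventLog.WriteEntry fails otherwise.
    private const string EventSource = "WebApp";

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();

        // ASP.NET often wraps the real exception in HttpUnhandledException.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        HttpRequestValidationException rve = ex as HttpRequestValidationException;
        if (rve == null)
            return; // any other error follows the customErrors policy in web.config

        // Record who sent the rejected value and where, so repeated probes stand out.
        // rve.Message already names the offending collection and parameter.
        string entry = String.Format(
            "Request validation rejected input: client={0} method={1} url={2} detail={3}",
            Request.UserHostAddress, Request.HttpMethod, Request.RawUrl, rve.Message);
        EventLog.WriteEntry(EventSource, entry, EventLogEntryType.Warning);

        // Suppress the default page (stack trace + framework version) and answer generically.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400;
        Response.ContentType = "text/plain";
        Response.Write("Bad request.");
        Response.End();
    }
}
```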




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT