Solved

Cross Site Scrpting and ASP.NET

Posted on 2009-06-30
8
519 Views
Last Modified: 2012-05-07
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS).

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)

Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.
0
Comment
Question by:Jeevan Bordoloi
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:tpsl
Comment Utility
http://support.microsoft.com/kb/922770

Did anything on this link help?
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
Comment Utility
I tried to install the patch, but couldn't install.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> .. a default parameter in ASP.NET 2.0,
do you use that parameter? if not simply disable the corresponding script.
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
Comment Utility
Yes, we do
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
Comment Utility
then I see following possibilities:
1) wait 'til you get an installable patch
2) fix the code
3) write a wrapper script which checks its input for XSS and forwards to the vulnerable script if the input matches your rules
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now