Solved

Cross Site Scripting and ASP.NET

Posted on 2009-06-30
Last Modified: 2012-05-07
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexive cross site scripting (CSS).

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)

Unfortunately, the patch is not getting installed. The below link from Microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.
0
Question by:Jeevan Bordoloi
 
LVL 3

Expert Comment

by:tpsl
ID: 24745376
http://support.microsoft.com/kb/922770

Did anything on this link help?
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
ID: 24751417
I tried to install the patch, but couldn't install.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24777926
> .. a default parameter in ASP.NET 2.0,
Do you use that parameter? If not, simply disable the corresponding script.
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
ID: 24782707
Yes, we do
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 24782886
Then I see the following possibilities:
1) wait 'til you get an installable patch
2) fix the code
3) write a wrapper script which checks its input for XSS and forwards to the vulnerable script if the input matches your rules
0
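
Option 3 from the accepted answer, written as an ASP.NET HTTP module that checks the focus field before the page runs. This is an added example, not code posted in the thread; the class name `LastFocusFilterModule` and the allowed-character pattern are assumptions, and the field name uses ASP.NET's own spelling, `__LASTFOCUS`.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Hypothetical module name; register it under <system.web><httpModules> in web.config.
public class LastFocusFilterModule : IHttpModule
{
    // ASP.NET's focus-tracking hidden field (the question writes it as _LASTFOCUS).
    private const string FieldName = "__LASTFOCUS";

    // Assumption: a legitimate value is a client-side control ID, so only
    // letters, digits, '_', '$' and ':' are accepted, up to 256 characters.
    private static readonly Regex ControlId =
        new Regex(@"\A[A-Za-z0-9_$:]{0,256}\z", RegexOptions.CultureInvariant);

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    // Pure check, kept separate so it can be unit tested without a web server.
    public static bool IsAcceptable(string[] values)
    {
        if (values == null) return true;            // field not sent at all
        foreach (string v in values)
            if (!ControlId.IsMatch(v ?? "")) return false;
        return true;                                // every copy of the field is clean
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // The field normally arrives in a POST body but can also be put on the URL.
        if (IsAcceptable(req.Form.GetValues(FieldName)) &&
            IsAcceptable(req.QueryString.GetValues(FieldName)))
            return;                                 // forward to the page unchanged

        // Reject outright instead of trying to strip markup from the value.
        ctx.Response.StatusCode = 400;
        ctx.Response.StatusDescription = "Bad Request";
        ctx.ApplicationInstance.CompleteRequest();  // skip the page handler
    }

    public void Dispose() { }
}
```

Tighten the pattern to the control IDs your pages actually emit; an allow-list of expected values holds up better than a list of blocked strings.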
