[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Cross Site Scrpting and ASP.NET

Posted on 2009-06-30
8
Medium Priority
?
536 Views
Last Modified: 2012-05-07
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS).

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)

Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.
0
Comment
Question by:Jeevan Bordoloi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:tpsl
ID: 24745376
http://support.microsoft.com/kb/922770

Did anything on this link help?
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
ID: 24751417
I tried to install the patch, but couldn't install.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24777926
> .. a default parameter in ASP.NET 2.0,
do you use that parameter? if not simply disable the corresponding script.
0
 
LVL 3

Author Comment

by:Jeevan Bordoloi
ID: 24782707
Yes, we do
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 24782886
then I see following possibilities:
1) wait 'til you get an installable patch
2) fix the code
3) write a wrapper script which checks its input for XSS and forwards to the vulnerable script if the input matches your rules
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Check out what's been happening in the Experts Exchange community.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question