Jeevan Bordoloi
asked on
Cross Site Scrpting and ASP.NET
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflexif cross site scripting (CSS).
One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)
Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/
I did, but no luck - the patch would not install!
Any solutions? My main problem is to get rid of CSS - please suggest.
One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)
Unfortunately, the patch is not getting installed. The below link from microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/
I did, but no luck - the patch would not install!
Any solutions? My main problem is to get rid of CSS - please suggest.
ASKER
I tried to install the patch, but couldn't install.
> .. a default parameter in ASP.NET 2.0,
do you use that parameter? if not simply disable the corresponding script.
do you use that parameter? if not simply disable the corresponding script.
ASKER
Yes, we do
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did anything on this link help?