Solved

Cross Site Scripting and ASP.NET

Posted on 2009-06-30
Last Modified: 2012-05-07
_LASTFOCUS, a default parameter in ASP.NET 2.0, is vulnerable to reflected cross site scripting (CSS).

One suggested solution was to apply the patch MS06-056/KB922770 on the server. (Downloadable from http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx.)

Unfortunately, the patch is not getting installed. The link below from Microsoft suggested re-installing the framework:
http://support.microsoft.com/kb/923100/

I did, but no luck - the patch would not install!

Any solutions? My main problem is to get rid of CSS - please suggest.
Question by: Jeevan Bordoloi
8 Comments

Expert Comment by: tpsl (ID: 24745376)
http://support.microsoft.com/kb/922770

Did anything on this link help?

Author Comment by: Jeevan Bordoloi (ID: 24751417)
I tried to install the patch, but it would not install.

Expert Comment by: ahoffmann (ID: 24777926)
> .. a default parameter in ASP.NET 2.0,

Do you use that parameter? If not, simply disable the corresponding script.

Author Comment by: Jeevan Bordoloi (ID: 24782707)
Yes, we do.

Accepted Solution by: ahoffmann (earned 500 total points; ID: 24782886)
Then I see the following possibilities:
1) Wait until you get an installable patch.
2) Fix the code.
3) Write a wrapper script which checks its input for XSS and forwards to the vulnerable script if the input matches your rules.
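Option 3 above, written as an ASP.NET HttpModule instead of a separate wrapper script. This is an added example, not code from the thread, from the asker's application or from Microsoft. It assumes the hidden field is named `__LASTFOCUS` (the name the ASP.NET 2.0 WebForms client script uses when it records the focused control on postback) and that a legitimate value is only ever a control client id, i.e. letters, digits and underscores, or empty when nothing had focus. Any other value is rejected with HTTP 400 before the page handler runs, so the page never gets the chance to reflect it. The class name `LastFocusGuardModule` and the `web.config` entry are hypothetical.

```csharp
// LastFocusGuardModule.cs (hypothetical name; added example, not from the thread)
using System;
using System.Text.RegularExpressions;
using System.Web;

// Hypothetical registration in web.config (ASP.NET 2.0 / IIS 6 pipeline):
//   <system.web>
//     <httpModules>
//       <add name="LastFocusGuard" type="LastFocusGuardModule" />
//     </httpModules>
//   </system.web>
public class LastFocusGuardModule : IHttpModule
{
    // Allowlist of what the WebForms client script ever writes into
    // __LASTFOCUS: a control's client id (letters, digits, underscore),
    // or nothing at all. Anything else is not a legitimate postback.
    // \z rather than $ so a trailing newline cannot slip past the check.
    private static readonly Regex SafeControlId =
        new Regex(@"^[A-Za-z0-9_]*\z", RegexOptions.Compiled);

    public static bool IsSafeControlId(string value)
    {
        return value != null && SafeControlId.IsMatch(value);
    }

    public void Init(HttpApplication app)
    {
        // BeginRequest runs before any page handler touches the form,
        // so a bad value never reaches the page that would reflect it.
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;

        // The field is only meaningful as a POST field, but a reflected
        // payload could be supplied on the query string as well, so check both.
        string fromForm = request.Form["__LASTFOCUS"];
        string fromQuery = request.QueryString["__LASTFOCUS"];

        bool bad = (fromForm != null && !IsSafeControlId(fromForm))
                || (fromQuery != null && !IsSafeControlId(fromQuery));
        if (!bad)
        {
            return;
        }

        // Refuse the request outright rather than trying to "clean" the
        // value; a focused-control id has no business containing markup.
        HttpResponse response = app.Context.Response;
        response.Clear();
        response.StatusCode = 400;
        response.ContentType = "text/plain";
        response.Write("Rejected: invalid __LASTFOCUS value.");

        // Skip the rest of the pipeline, including the page handler.
        app.CompleteRequest();
    }

    public void Dispose()
    {
    }
}
```

This is a stop-gap, not a replacement for the MS06-056 update: it only narrows the field's value space to what the postback script actually writes, and it only protects requests that go through this application's pipeline. If a legitimate control id in your application can contain other characters, widen the allowlist for exactly those characters rather than dropping the check.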
