Solved

Problems with page

Posted on 2014-02-19
1
403 Views
Last Modified: 2014-02-19
I have a page that filters a recordset, creates a session variable then redirects.

I ran a scan and found the following vulnerabilities:

---

Server responded 200 to unnecessarily large random request body(over 64 KB) for URL https://www.domain... etc ... , significantly increasing attacker's chances to prolong slow HTTP POST attack.

It has been detected by exploiting the parameter ASPSESSIONIDSUTBABRD
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication:
In order to detect this content, no authentication has been required.
Access Path:
Here is the path followed by the scanner to reach the exploitable URL:

How can I secure this page to prevent this errors from happening ?
code.txt
0
Comment
Question by:amucinobluedot
1 Comment
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 39870962
For sure you need to turn off parent paths.  It was common prior to iis7 to have them on. Then iis7 turned this off by default and many asp dev's turned it on so their scripts would not break.   The parent path thing can allow people to get outside of your web root.

http://www.iis.net/learn/application-frameworks/running-classic-asp-applications-on-iis-7-and-iis-8/classic-asp-parent-paths-are-disabled-by-default

The only thing you will need to change in your scripts for the most part are your include files.

This
<!--#include file="Connections.asp" -->
Would convert to
<!--#include virtual="/Connections.asp" -->
Or if it is in your connections folder
<!--#include virtual="/connections/Connections.asp" -->

Basically, links starting with ../ will need to be converted.


Why are you using client side to go to the next page?
<script language="javascript">
window.location.href="forgotpasswordsent.asp";
</script>

Open in new window

response.redirect will do it on the server before the page renders.
<%
response.redirect("forgotpasswordsent.asp")
%>

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Select2 jquery help 9 74
drop down navigation on mobile devices adds spaces 3 75
C# GridRow get Old/New Value 1 55
Widget to get customer remakrs in our website. 3 42
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…
The viewer will learn how to dynamically set the form action using jQuery.

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now