ASP.NET Anti-XSS library validation bypass


Saurabh Pundir

Sep 2, 2014, 2:47:23 AM
to null-...@googlegroups.com
Hello null,
I was testing a website and I tried to figure out whether the site is XSS vulnerable or not.
This website framework is Microsoft ASP.NET 2.0.50727. This framework is using some anti-XSS library.
Can anyone suggest bypassing methods for this?

renthoughts

Sep 2, 2014, 11:30:34 AM
to null-...@googlegroups.com
Hi Saurabh,


1. ASP.NET has an inbuilt feature to filter all the requests for malicious inputs like XSS. If the request processor finds a string value after the < symbol, then the request filtering would kick in and throw an error message similar to "a potentially dangerous value was detected from ..."

A known vulnerability related to it is filed here - http://www.securityfocus.com/archive/1/464796.

This request filtering feature could be enabled at page level or site level. Maybe you would be lucky finding a page that has this feature turned off.

2. If the request filtering is turned off, then the website may employ some kind of AntiXss library to filter input data. The popular framework to do this in the Microsoft stack is the Microsoft AntiXss library which is known for a vulnerability listed here - http://blog.watchfire.com/wfblog/2012/01/microsoft-anti-xss-library-bypass.html

3. The webpage may employ in-house custom written anti-xss libraries that you can bypass by trial and error.

Choose your fuzzing method based on the above points. If it is a custom blacklist behind the filter, you may have a better chance by trial and error.

To confirm if there is an XSS or not, please refer to the methodology per the recent G4H webcast - http://www.garage4hackers.com/showthread.php?t=6042 [Direct YouTube link - https://www.youtube.com/watch?v=TKn5qdti66c]
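
An added example, not part of the original thread, from the defender's side: because request validation can be switched off per page or per site (point 1 above), this Python script audits a web.config and a set of .aspx sources for `validateRequest="false"`. The sample config, file names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real site).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages validateRequest="true" />
  </system.web>
  <location path="admin/notes.aspx">
    <system.web>
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>"""

SAMPLE_PAGES = {
    "default.aspx": '<%@ Page Language="C#" CodeFile="default.aspx.cs" %>',
    "search.aspx": '<%@ Page Language="C#" ValidateRequest="false" %>',
}

# Matches an @ Page directive that explicitly disables request validation.
PAGE_DIRECTIVE = re.compile(
    r'<%@\s*Page\b[^%]*?\bValidateRequest\s*=\s*"false"', re.I | re.S)

def config_findings(xml_text):
    """Return the web.config scopes where <pages validateRequest="false"> is set."""
    root = ET.fromstring(xml_text)
    findings = []

    def check(node, scope):
        for pages in node.findall("./system.web/pages"):
            if pages.get("validateRequest", "true").lower() == "false":
                findings.append(scope)

    check(root, "site-wide")
    for loc in root.findall("./location"):  # per-path overrides
        check(loc, "location:" + loc.get("path", ""))
    return findings

def page_findings(pages):
    """Return names of .aspx sources whose @ Page directive disables validation."""
    return sorted(n for n, src in pages.items() if PAGE_DIRECTIVE.search(src))

def audit(xml_text, pages):
    return {"config": config_findings(xml_text), "pages": page_findings(pages)}

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_CONFIG, SAMPLE_PAGES))
```

Every scope or page this reports relies entirely on the application's own input handling and output encoding, so those are the places to review first.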

Saurabh Pundir

Sep 3, 2014, 1:36:54 AM
to null-...@googlegroups.com
Thanks renthoughts. I found it very useful. :)

