TITLE:
Microsoft ASP.NET Request Validation Bypass Vulnerability

SECUNIA ADVISORY ID:
SA9716

VERIFY ADVISORY:
http://www.secunia.com/advisories/9716/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
ASP.NET 1.x

DESCRIPTION:
A vulnerability has been reported in ASP.NET, which can be exploited
by malicous people to bypass the "Request Validation" security
mechanism.

The "Request Validation" mechanism designed to protect against
Cross-Site Scripting and SQL injection allows restricted tags when
they include a NULL byte. However, this is a problem since some
browsers (eg. Internet Explorer) ignore NULL bytes when parsing
input, which may cause them to execute the content in the tags
anyway.

Example:
<%00SCRIPT>alert(document.cookie)</SCRIPT>

The vulnerability has been reported in the ASP.Net 1.1 framework.

SOLUTION:
Don't rely on this security mechanism to protect against Cross-Site
Scripting and SQL injection attacks. Make sure that proper input
validation is built into web applications.

REPORTED BY / CREDITS:
WebCohort Research

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web  : http://www.secunia.com/
E-mail  : support@secunia.com
Tel  : +45 7020 5144
Fax  : +45 7020 5145

----------------------------------------------------------------------