Secunia Research Advisory - A vulnerability has been reported in ASP.NET, which can be exploited by malicious people to bypass the "Request Validation" security mechanism. The "Request Validation" mechanism designed to protect against Cross-Site Scripting and SQL injection allows restricted tags when they include a NULL byte. However, this is a problem since some browsers, like Internet Explorer, ignore NULL bytes when parsing input, which may cause them to execute the content in the tags anyway.
289ddf4085f312bb8fe0319c2b08e847dcf9dde239b04f3cf03bbd5c373a1e62
TITLE:
Microsoft ASP.NET Request Validation Bypass Vulnerability
SECUNIA ADVISORY ID:
SA9716
VERIFY ADVISORY:
http://www.secunia.com/advisories/9716/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
ASP.NET 1.x
DESCRIPTION:
A vulnerability has been reported in ASP.NET, which can be exploited
by malicous people to bypass the "Request Validation" security
mechanism.
The "Request Validation" mechanism designed to protect against
Cross-Site Scripting and SQL injection allows restricted tags when
they include a NULL byte. However, this is a problem since some
browsers (eg. Internet Explorer) ignore NULL bytes when parsing
input, which may cause them to execute the content in the tags
anyway.
Example:
<%00SCRIPT>alert(document.cookie)</SCRIPT>
The vulnerability has been reported in the ASP.Net 1.1 framework.
SOLUTION:
Don't rely on this security mechanism to protect against Cross-Site
Scripting and SQL injection attacks. Make sure that proper input
validation is built into web applications.
REPORTED BY / CREDITS:
WebCohort Research
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------