TITLE: Microsoft ASP.NET Request Validation Bypass Vulnerability SECUNIA ADVISORY ID: SA9716 VERIFY ADVISORY: http://www.secunia.com/advisories/9716/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: ASP.NET 1.x DESCRIPTION: A vulnerability has been reported in ASP.NET, which can be exploited by malicous people to bypass the "Request Validation" security mechanism. The "Request Validation" mechanism designed to protect against Cross-Site Scripting and SQL injection allows restricted tags when they include a NULL byte. However, this is a problem since some browsers (eg. Internet Explorer) ignore NULL bytes when parsing input, which may cause them to execute the content in the tags anyway. Example: <%00SCRIPT>alert(document.cookie) The vulnerability has been reported in the ASP.Net 1.1 framework. SOLUTION: Don't rely on this security mechanism to protect against Cross-Site Scripting and SQL injection attacks. Make sure that proper input validation is built into web applications. REPORTED BY / CREDITS: WebCohort Research ---------------------------------------------------------------------- Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Contact details: Web : http://www.secunia.com/ E-mail : support@secunia.com Tel : +45 7020 5144 Fax : +45 7020 5145 ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------