jcdux
February 7th, 2002, 10:57 AM
from TheRegister (http://theregister.co.uk/content/4/23967.html)
and also info here (http://www.securityfocus.com/archive/1/254001)
Brief details...
Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.
CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.
JavaScript can also be executed on a remote server using malicious URLs. There are numerous possible attacks; but for one common example, a 404 page may be generated with the added bonus of full path disclosure.
and also info here (http://www.securityfocus.com/archive/1/254001)
Brief details...
Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.
CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.
JavaScript can also be executed on a remote server using malicious URLs. There are numerous possible attacks; but for one common example, a 404 page may be generated with the added bonus of full path disclosure.