Results 1 to 2 of 2

Thread: Microsoft ASP.NET are vulnerable to cross-site scripting (CSS)

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    429

    Microsoft ASP.NET are vulnerable to cross-site scripting (CSS)

    from TheRegister

    and also info here

    Brief details...

    Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.

    CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.

    JavaScript can also be executed on a remote server using malicious URLs. There are numerous possible attacks; but for one common example, a 404 page may be generated with the added bonus of full path disclosure.

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    Its pathetic.... .NET hasnt even been fully released yet and there are security holes already Leave it up to Microsoft to make the buggies products ever

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •