Tuesday, 20 August 2013

ASP.NET WebForms Form Action XSS Vulnerability?

I have been working on addressing some vulnerabilities highlighted by the
Acunetix Web Scanner, in particular those relating to XSS.
www.mywebsite.com/signed-out/blahblah
Due to the rewrite rules, the 'blahblah' is taken as a parameter of a
query string, i.e.
www.mywebsite.com/internal/path/LoggedOut.aspx?reason=blahblah
What the tool has noticed is that you can enter
'javascript:prompt(919416);' as the query string, and ASP.NET seems to
modify the form action automatically to:
<form name="aspnetForm" method="post"
action="javascript:prompt(919416);?reason=session-expired%2fjavascript%3aprompt(919416)%3b"
id="aspnetForm">
which reflects the input query string. However:
Is this actually executable?
I can't seem to find how to stop ASP.NET modifying the form action.
I'm still new to this area, please be gentle! Any help and advice greatly
appreciated.
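Two points a practitioner would want alongside the question above. First, a form whose action is a javascript: URL runs that script when the form is submitted, so the reflected value is executable as soon as a user triggers a postback on the page; no break-out from the attribute is needed. Second, the form action stops being derived from the request URL once it is set explicitly: HtmlForm exposes an Action property (ASP.NET 4.0 and later) that replaces the automatically generated value. The following is an added example, not code from the original post or from the ASP.NET framework; the page class name LoggedOut, the fallback path and the SafeFormAction helper are assumptions for illustration.

```csharp
// Added example (not code from the original post). Assumes a WebForms page
// LoggedOut.aspx with <form id="aspnetForm" runat="server"> on ASP.NET 4.0+.
using System;
using System.Web.UI;

public partial class LoggedOut : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // When HtmlForm.Action is not set, ASP.NET builds the action attribute
        // from the incoming request URL, which is what lets the scanner's
        // payload through. Setting it explicitly replaces that with a value
        // the server controls.
        Form.Action = SafeFormAction(Request.Url.AbsolutePath);
    }

    // Hypothetical helper: allow only a rooted, scheme-less, site-relative
    // path. Anything else (a "javascript:" or "data:" URL, a protocol-relative
    // "//host", a backslash variant) is replaced with a fixed, known-good path.
    internal static string SafeFormAction(string candidate)
    {
        const string fallback = "/internal/path/LoggedOut.aspx"; // assumed page path

        if (string.IsNullOrEmpty(candidate)) return fallback;
        if (!candidate.StartsWith("/", StringComparison.Ordinal)) return fallback;
        if (candidate.StartsWith("//", StringComparison.Ordinal)) return fallback;
        if (candidate.IndexOf(':') >= 0) return fallback;   // no URL scheme allowed
        if (candidate.IndexOf('\\') >= 0) return fallback;  // browsers treat "\" as "/"

        return candidate;
    }
}
```

If postbacks should go to the friendly URL rather than the internal .aspx path, the simplest option is to assign Form.Action a fixed string such as "/signed-out" and use no request data at all; whichever request property you do pass in, route it through the helper. To verify the change, view the rendered page source while requesting the URL with the scanner's payload and confirm the action attribute no longer contains the injected path segment.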
