More on Cross-Site Scripting
While web controls are used for the majority of UI elements in ASP.Net, it is possible to
write directly to the output stream. To write to the output stream directly, developers use
the Response.Write method. This method performs no output encoding and its use
with non-encoded or unfiltered user input is an immediate red flag. A good technique to
use when auditing a closed source .Net web application is to use .Net Reflector and
search for references to the Response.Write method. Doing this simple search can
sometimes help increase the understanding of the application and in the best cases,
identify points where user input is being placed directly into the page's output.

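The Response.Write search described above can be followed by an automated first-pass triage. The Python script below is an added example, not part of the original text, and it assumes the application's C# source has been decompiled or exported to text. The source and encoder patterns, the verdict names and the sample lines are constructed for illustration.

```python
import re

# Assumed patterns (simplified): output sink, request-data sources, HTML encoders.
SINK = re.compile(r"\bResponse\.Write\s*\(")
SOURCE = re.compile(r"\bRequest(?:\.(?:QueryString|Form|Params|Cookies))?\s*\[|\bPage\.Form\b")
ENCODER = re.compile(r"\b(?:HttpUtility|Server)\.HtmlEncode\s*\(")
LITERAL = re.compile(r'\s*"(?:[^"\\]|\\.)*"\s*')

def call_argument(text, open_idx):
    """Text between the '(' at open_idx and its matching ')', skipping string literals."""
    depth, in_str = 0, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"' and text[i - 1] != "\\":
            in_str = not in_str
        elif not in_str and ch in "()":
            depth += 1 if ch == "(" else -1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced call: keep the remainder

def strip_encoded(arg):
    """Remove every HtmlEncode(...) span so only unencoded expressions remain."""
    out, pos = [], 0
    for m in ENCODER.finditer(arg):
        if m.start() >= pos:  # ignore encoders nested in a span already removed
            out.append(arg[pos:m.start()])
            pos = m.end() + len(call_argument(arg, m.end() - 1)) + 1
    return "".join(out) + arg[pos:]

def classify(arg):
    """Verdict for one Response.Write argument (verdict names are illustrative)."""
    if SOURCE.search(strip_encoded(arg)):
        return "unencoded-input"  # request data reaches the page unencoded
    if ENCODER.search(arg):
        return "encoded"
    return "literal" if LITERAL.fullmatch(arg) else "trace-manually"

def audit(source):
    """Return (line number, verdict) for each single-line Response.Write call."""
    return [(n, classify(call_argument(line, m.end() - 1)))
            for n, line in enumerate(source.splitlines(), 1)
            for m in SINK.finditer(line)]

SAMPLE = "\n".join([  # constructed C# lines, not taken from any real application
    'Response.Write("<h1>Welcome</h1>");',
    'Response.Write("Hello " + Request.QueryString["name"]);',
    'Response.Write(HttpUtility.HtmlEncode(Request.Form["comment"]));',
    'Response.Write(Server.HtmlEncode(title) + Request["q"]);',
    'Response.Write(greeting);',
])
```

Calls that span several lines are not inspected, and a "trace-manually" verdict means the argument is a variable whose origin still has to be followed by hand.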
Sometimes when creating XSS exploits, an attacker may find vulnerabilities that occur
when a form is submitted to a web site using the POST method. XSS exploits using
POST can be more difficult to author as an attacker but an interesting coding construct in
ASP.Net can sometimes make the attacker's job a little bit easier. Traditionally, form data
in an ASP.Net application is accessed using the Page.Form index property. Using the
Page.Form property requires that information be posted to the page as part of an HTTP
POST form.