Thread: Bypassing ASP validaterequest?

  1. #1
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010

    Bypassing ASP validaterequest?

    ASP.NET enables the validaterequest filter by default on its installation. For those unfamiliar with this, it is essentially a filter that checks for potentially malicious cross-site scripting and injections into forms.

    Reading ProCheckup's research paper, they formulated attack vectors mainly revolving around this to bypass the filter:

    <~/XSS/*- */STYLE=xss:e/**/xpression(alert('XSS'))>
    However, this was 2 years ago, and it appears to not work any longer with the most recent patches (during my googling I found a post from a user who is experiencing the same results as well).

    My google-fu may be weak; however, I have not come upon anything new. Has anyone else? Tips? I also noticed quite a few people bashing the validaterequest filter within the past year on other forums, saying it is weak, but giving no reason as to why it is weak. If anyone can shed some light on this as well, it would be much appreciated.

    I am performing these tests legally, and am just seeking to better myself in the web assessment division.

  2. #2
    Good friend of the forums
    Join Date
    Jun 2008

    Re: Bypassing ASP validaterequest?

    Hi Liuser
    I'm guessing that because of the ~, IIS could be looking for chars in the range of 0x01-0x20/25 and stop reading what's after that. Maybe some strcmp function, or some parts of code in the function that does length checking, can break out, like a null was sent, e.g. x3ax11x11x11, but there are 100s of dwords that can do it. The code above might have one of those combinations at the start.
    Google Chrome has the same type of logic: in the URL bar, the ? stops it reading it as an address, but as a var.
    Just a guess.
    Last edited by compaq; 08-18-2010 at 02:17 AM.

  3. #3
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010

    Re: Bypassing ASP validaterequest?

    I appreciate the input and lead, compaq. You have me thinking about what is occurring under the hood of ASP. I will integrate your suggestions while I continue my fuzzing.
