Feeds

MS bitten by old .NET vulnerability

Cross-site scripting again

  • alert
  • submit to reddit

Intelligent flash storage arrays

Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.

CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.

JavaScript can also be executed on a remote server using malicious URLs. There are numerous possible attacks; but for one common example, a 404 page may be generated with the added bonus of full path disclosure.

Examples discovered by Westerink include:

http://www.msn.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx?aspxerrorpath=null
http://my.msn.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx?aspxerrorpath=null
http://dotnet.microsoft.com/&ltscript&gtalert(document.cookie)</script&gt.aspx
http://terraserver.microsoft.net/&ltscript&gtalert(document.cookie)</script&gt.aspx
http://support.microsoft.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx?aspxerrorpath=null
http://office.microsoft.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx?aspxerrorpath=null
http://communities.microsoft.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx
http://uddi.microsoft.com/~/&ltscript&gtalert(document.cookie)</script&gt.aspx

Westerink says he contacted MS about the issue six months ago but never got a reply.

Meanwhile, Internet security and privacy consultant Richard M. Smith, who now maintains the site ComputerBytesMan.com, "checked in with Microsoft about this problem and was told that this is a known bug that was fixed in ASP.NET before the final software was shipped."

So MS got the message all right, but somehow neglected to mention it to anyone, or even thank Westerink for bringing it to their attention.

"The various Microsoft Web servers that still have the bug are running pre-release versions of ASP.NET," Smith adds. "It looks like Microsoft also has trouble keeping up with security patches and updates."

One hopes they'll have got this sorted by press time.... ®

Choosing a cloud hosting partner with confidence

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.