I get an email whenever there's an error on my webapps. We recently initiated a service to do Red-Siren testing; e.g., testing for any security issues.
Got an error message today.
Of most interest, and danged funny at that, is the unedited, verbatim "Error Message" from Microsoft's lovely .NET Framework ... (emphasis added)
URL: https : / / www.RedactedWebSite.com /SomeWebApp/ThatLoginPage.aspx?ReturnUrl=%2fSomeWebApp%2fDefault.aspx%3faction%3dppr&action=ppr%3CScript%20%3Ealert(%22HelloSIG%22)%3C/Script%3E
Error Date: [redacted]
Error Message: A potentially dangerous Request.QueryString value was detected from the client (action="ppr<Script >alert("Hell..."
Albeit a little late (going on 7+ years of .NET programming...), thanks for the warning, Microsoft!