Signature Detail

HTTP: IIS ASP Request Validation Flaw Exploitation

This signature detects attempts to exploit a known vulnerability in Microsoft ASP.NET framework. The ASP.NET feature "Request Validation" is designed to prevent XSS (Cross-Site Scripting) in ASP applications. Due to an implementation flaw, attackers can send HTTP parameters encoded with a NULL character to pass the validation filter; these parameters are then correctly intepreted by Web browsers (including IE6).

Extended Description

Request Validation, a feature included in ASP.NET 1.1, may not adequately sanitize hostile user-supplied input. ASP scripts that depend on Request Validation to sanitize user-supplied input may still be prone to cross-site scripting or HTML injection attacks as a result. Request Validation may be bypassed by including a null byte (%00) in malicious user-supplied input. It should be noted that this can also create a false sense of security, since the expectation is that Request Validation should sufficiently sanitize hostile input.

Affected Products

• Microsoft ASP.NET 1.1

References

• BugTraq: 8562
• URL: http://securityfocus.com/archive/1/336563/2003-09-05/2003-09-11/0