I worked on fixing some of the vulnerabilities highlighted by Acunetix Web Scanner , in particular those related to XSS .
www.mywebsite.com/signed-out/blahblah
due to rewriting rules, "blahblah" is taken as a query string parameter, i.e.
www.mywebsite.com/internal/path/LoggedOut.aspx?reason=blahblah
What the tool noticed is that you can enter javascript:prompt(919416); , since queryString and ASP.NET seem to automatically change the action of the form:
<form name="aspnetForm" method="post" action="javascript:prompt(919416);?reason=session-expired%2fjavascript%3aprompt(919416)%3b" id="aspnetForm">
Which reflects the input request String. But:
- Is this a really executable file?
- I cannot find how to stop ASP.NET by changing the action of the form.
I'm still new to this area, be careful! Any help and advice was greatly appreciated.
source share