0

I have started working on a webforms application built in .net 2.0 using VS 2005. I am kind of new to web application

When I am clicking on a Menu item which is <li/> tag and capture the request in burp and Changed the Url to "obgv0%22%3e%3cscript%3ealert('XSS HACKED')%3c%2fscript%3et48bw"

Here I am getting getting a pop-up-"XSS HACKED" and it indicates that it is vulnerable.

I tried to find exact solution of this problem on net. but unlucky so far.

  1. So please help me in solving it

I tried to replicate the scenario in VS 2015 by creating an empty web application. but it seems Microsoft put a permanent fix for this. If someone can guide me the way Microsoft implemented it and help me in understanding the same. that will be great.

damaged URL "obgv0%22%3e%3cscript%3ealert('XSS HACKED')%3c%2fscript%3et48bw"
  1. Need help in solving the problem in .net 2.0 application
  2. Need support in understanding the way Microsoft implemented the fix for newer versions of .net
Aksen P
  • 4,564
  • 3
  • 14
  • 27
Suresh Kharod
  • 51
  • 1
  • 7

1 Answers1

0

We have removed the cookies from the page and implement the server side validation to solve the vulnerability.

This is not a suggested solution for all the XSS issues. Solutions is Vulnerability Specific.

Suresh Kharod
  • 51
  • 1
  • 7
  • Looks like, you have answered your own question, whereas your solution is itself a stopgap measure. – surajs1n Aug 14 '19 at 09:30