I have a full ASP Classic website and it has some cross-site scripting bugs.
I scanned it and it found some errors like this:
Severity: High
Affects: /search.asp
Details: The GET variable yider has been set to %3C/xss/*-*/style=xss:e/**/xpression(alert(294762585))%3E.
Type: Validation

Description: This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Impact: Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Recommendation: Your script should filter metacharacters from user input.

Reported by module: Parameter manipulation

References:
- Acunetix Cross Site Scripting Attack: http://www.acunetix.com/websitesecurity/cross-site-scripting.htm
- Security Focus - Penetration Testing for Web Applications (Part Two): http://www.securityfocus.com/infocus/1709
- The Cross Site Scripting Faq: http://www.cgisecurity.com/articles/xss-faq.shtml
- OWASP Cross Site Scripting: http://www.owasp.org/index.php/Cross_Site_Scripting
- XSS Annihilation: http://ha.ckers.org/blog/20060602/xss-annihilation/
- XSS cheat sheet: http://ha.ckers.org/xss.html
- PHP XSS (cross site scripting) filter function: http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php
- Cross site scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
- OWASP PHP Top 5: http://www.owasp.org/index.php/PHP_Top_5

Request:
GET /search.asp?yider=%3C/xss/*-*/style=xss:e/**/xpression(alert(294762585))%3E&btnsearch=%D8%AC%D8%B3%D8%AA%D8%AC%D9%88%20%D8%AF%D8%B1%20%D9%BE%D8%A7%D9%8A%DA%AF%D8%A7%D9%87 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.mysite.com
Cookie: ASPSESSIONIDSCASQTQB=CCIBHAOAGBLNHBNPIAGANGCM;Poll=PollID=2;ASP.NET_SessionId=2vn5ue45dygerf550seakc55;__utma=177195445.991742699.1180354728.1180354728.1180354728.1;path=/;expires=Tue, 27 Nov 2007 00:19:34 UTC;domain=acunetix.com;;__utmb=177195445;__utmc=177195445;__utmz=177195445.1180354775.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Connection: Close
Pragma: no-cache

Response:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 May 2007 12:40:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 23900
Content-Type: text/html; Charset=utf-8
Cache-control: private
Thanks,
M.H.H
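
One way to apply the scanner's recommendation in Classic ASP is to encode the yider value for each place it is written back into the page. This is an added example, not code from the original post or the site: the page layout, the CleanTerm helper, the 100-character limit and the page parameter are assumptions.

```asp
<%@ Language="VBScript" CodePage="65001" %>
<%
Option Explicit
Response.Charset = "utf-8"

' Added example; CleanTerm and the 100-character cap are assumptions.
' Trim the value, cap its length and drop ASCII control characters.
Function CleanTerm(raw)
    Dim s, i, ch, code, result
    s = Left(Trim(raw & ""), 100)
    result = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        code = AscW(ch)
        ' AscW is negative for code units above 32767; keep those (non-Latin text).
        If code < 0 Or code >= 32 Then result = result & ch
    Next
    CleanTerm = result
End Function

Dim term
term = CleanTerm(Request.QueryString("yider"))

' Pattern that produces the finding: the raw value is written into the page,
' so markup in the parameter is parsed by the browser.
'   Response.Write "<p>Results for " & Request.QueryString("yider") & "</p>"
%>
<html>
<body>
<!-- HTML body context: Server.HTMLEncode turns < > & " into entities -->
<p>Results for: <%= Server.HTMLEncode(term) %></p>

<!-- Attribute context: keep the value inside double quotes, because
     Server.HTMLEncode does not encode the single quote -->
<form method="get" action="search.asp">
  <input type="text" name="yider" value="<%= Server.HTMLEncode(term) %>">
  <input type="submit" name="btnsearch" value="Search">
</form>

<!-- URL context: Server.URLEncode for the query-string value
     (the page parameter is hypothetical) -->
<a href="search.asp?yider=<%= Server.URLEncode(term) %>&amp;page=2">Next page</a>
</body>
</html>
```

The same encoding has to be applied at every point where a request value (query string, form field or cookie) is written into a response, which is why the scanner reports each affected parameter separately.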