
asp classic website debug

Hi,
I have a full ASP classic website and it has some cross-site scripting bugs.
I scanned it and it found some errors like this:


Severity: High
Affects: /search.asp
Details: The GET variable yider has been set to %3C/xss/*-*/style=xss:e/**/xpression(alert(294762585))%3E.
Type: Validation
Description: This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
Impact: Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Recommendation: Your script should filter metacharacters from user input.
Reported by module: Parameter manipulation
References:
Acunetix Cross Site Scripting Attack: http://www.acunetix.com/websitesecurity/cross-site-scripting.htm
Security Focus - Penetration Testing for Web Applications (Part Two): http://www.securityfocus.com/infocus/1709
The Cross Site Scripting Faq: http://www.cgisecurity.com/articles/xss-faq.shtml
OWASP Cross Site Scripting: http://www.owasp.org/index.php/Cross_Site_Scripting
XSS Annihilation: http://ha.ckers.org/blog/20060602/xss-annihilation/
XSS cheat sheet: http://ha.ckers.org/xss.html
PHP XSS (cross site scripting) filter function: http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php
Cross site scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
OWASP PHP Top 5: http://www.owasp.org/index.php/PHP_Top_5
Request:
GET /search.asp?yider=%3C/xss/*-*/style=xss:e/**/xpression(alert(294762585))%3E&btnsearch=%D8%AC%D8%B3%D8%AA%D8%AC%D9%88%20%D8%AF%D8%B1%20%D9%BE%D8%A7%D9%8A%DA%AF%D8%A7%D9%87 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.mysite.com
Cookie: ASPSESSIONIDSCASQTQB=CCIBHAOAGBLNHBNPIAGANGCM;Poll=PollID=2;ASP.NET_SessionId=2vn5ue45dygerf550seakc55;__utma=177195445.991742699.1180354728.1180354728.1180354728.1;path=/;expires=Tue, 27 Nov 2007 00:19:34 UTC;domain=acunetix.com;;__utmb=177195445;__utmc=177195445;__utmz=177195445.1180354775.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Connection: Close
Pragma: no-cache
Response:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 May 2007 12:40:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 23900
Content-Type: text/html; Charset=utf-8
Cache-control: private
Now, how can I fix them?
thanks,
M.H.H
Jul 9 '07 #1

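The report above flags a reflected XSS: whatever arrives in the yider query parameter of /search.asp is written back into the HTML unchanged. The fix in classic ASP is to HTML-encode every request value at the point where it is written into the response, which in VBScript is the one-line change from `<%= Request.QueryString("yider") %>` to `<%= Server.HTMLEncode(Request.QueryString("yider")) %>`. The following is an added example, not code from the original post; it is a stand-alone JavaScript script (so it can be run without IIS) whose `htmlEncode` approximates what Server.HTMLEncode does, renders the search page both the vulnerable way and the hardened way, and re-runs the scanner's own probe from the report against both. The parameter name `yider` and the probe string come from the report; the page markup and the function names are assumptions for the example.

```javascript
// Added example (not from the original forum post): encode-on-output fix for
// the reflected XSS in /search.asp, written as a stand-alone script.

// Approximates classic ASP's Server.HTMLEncode: the HTML metacharacters
// become entities so the browser renders them as text, never as markup.
// (Server.HTMLEncode also encodes non-ASCII characters; the five below are
// the ones that matter for markup injection.)
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the classic ASP equivalent of
//   <p>Results for: <%= Request.QueryString("yider") %></p>
function renderSearchVulnerable(yider) {
  return "<p>Results for: " + yider + "</p>";
}

// Hardened rendering: the classic ASP equivalent of
//   <p>Results for: <%= Server.HTMLEncode(Request.QueryString("yider")) %></p>
function renderSearchFixed(yider) {
  return "<p>Results for: " + htmlEncode(yider) + "</p>";
}

// The scanner's probe, taken from the report's Request line and decoded the
// way IIS decodes Request.QueryString before the page sees it.
const SCANNER_PROBE = decodeURIComponent(
  "%3C/xss/*-*/style=xss:e/**/xpression(alert(294762585))%3E"
);

// Minimal re-check of what the scanner tested: is the raw probe, with its
// '<' and '>' intact, reflected anywhere in the response body?
function reflectsRawProbe(html, probe) {
  return html.includes(probe);
}

// Stand-alone run: prints both renderings and the re-check result.
console.log("vulnerable:", renderSearchVulnerable(SCANNER_PROBE));
console.log("fixed:     ", renderSearchFixed(SCANNER_PROBE));
console.log("raw probe reflected after fix:",
  reflectsRawProbe(renderSearchFixed(SCANNER_PROBE), SCANNER_PROBE));
```

Apply the same encoding to every value that originates from Request.QueryString, Request.Form, Request.Cookies or the database and is written into HTML, not only on /search.asp; a scanner reports the first reflection it finds, not all of them. Server.HTMLEncode is the right encoder for text in the HTML body and for quoted attribute values (always quote the attribute); a value inserted into a script block, a URL or a style attribute needs the encoder for that context instead.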