Channel: AjaxControlToolkit Work Item Rss Feed

Commented Issue: Cross site scripting security bug in ToolkitScriptManager.cs [26694]

(Originally reported by fdevedrines)

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b05b\'%3balert(1)//508e8ca2e0a was submitted in the _TSM_HiddenField_ parameter. This input was echoed as 6b05b\\';alert(1)//508e8ca2e0a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The mitigation is twofold:
1) Encapsulate the request parameter in double quotation marks
2) Validate the request parameter and trim any potential malicious data
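The echo in the report (a single-quote payload prefixed with a backslash coming back as `\\'`) is the signature of an encoder that escapes the quote character but not the backslash. The following is an added illustration written for this page, not code from ToolkitScriptManager.cs or the linked patch: `naiveJsStringLiteral` is an assumed reconstruction of that behaviour, `safeJsStringLiteral` shows the standard fix (escape the backslash first, then quotes, line terminators and the characters that could close the surrounding script block), and `executesInjectedCode` evaluates the emitted fragment headlessly with `alert` replaced by a recorder so the breakout can be confirmed without a browser. The value is the URL-decoded payload from the report.

```javascript
// Added example, not the toolkit's own code. It assumes the original emitter
// wrapped the _TSM_HiddenField_ value in single quotes and escaped only the
// quote character; the payload/echo pair in the report is consistent with that.

// Constructed from the report: 6b05b\'%3balert(1)//508e8ca2e0a, URL-decoded.
const REPORTED_PAYLOAD = "6b05b\\';alert(1)//508e8ca2e0a";

// Hypothetical reconstruction of the vulnerable encoder: ' becomes \' but a
// preceding backslash is left alone, so \' turns into \\' and the quote is live.
function naiveJsStringLiteral(value) {
  return "'" + value.replace(/'/g, "\\'") + "'";
}

// Hardened encoder for a JavaScript string literal embedded in an HTML script
// block. Order matters: the backslash must be escaped before anything that
// introduces new backslashes. < > and / are escaped so that a value containing
// </script> cannot terminate the enclosing script element.
function safeJsStringLiteral(value) {
  const out = value
    .replace(/\\/g, "\\\\")
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"')
    .replace(/\r/g, "\\r")
    .replace(/\n/g, "\\n")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\x3c")
    .replace(/>/g, "\\x3e")
    .replace(/\//g, "\\/");
  return "'" + out + "'";
}

// Emit the fragment the way a script manager would: var name = '<value>';
function renderScript(literalFn, value) {
  return "var hiddenField = " + literalFn(value) + ";";
}

// Run the emitted fragment with alert() replaced by a recorder. Returns true if
// attacker-controlled code ran, i.e. the value broke out of the string literal.
function executesInjectedCode(script) {
  let fired = false;
  const fakeAlert = () => { fired = true; };
  try {
    new Function("alert", script)(fakeAlert);
  } catch (e) {
    // A syntax error means the fragment is broken but nothing executed.
  }
  return fired;
}

// The hardened literal must decode back to exactly the original value.
function roundTrips(value) {
  return new Function("return " + safeJsStringLiteral(value))() === value;
}

// Stand-alone demonstration.
console.log("echoed by naive encoder :", naiveJsStringLiteral(REPORTED_PAYLOAD));
console.log("naive fragment executes :", executesInjectedCode(renderScript(naiveJsStringLiteral, REPORTED_PAYLOAD)));
console.log("safe fragment executes  :", executesInjectedCode(renderScript(safeJsStringLiteral, REPORTED_PAYLOAD)));
console.log("safe literal round-trips:", roundTrips(REPORTED_PAYLOAD));
```

Because the fix escapes the backslash before the quote, it holds regardless of which quote character wraps the literal; switching the wrapper alone does not help if a `\"` payload is encoded the same way. Validating the request parameter against its expected format is still worthwhile as defence in depth, but the encoder is the control that must be correct.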

fdevedrines wrote Mar 1 at 1:40 PM
The patch is available at http://ajax.codeplex.com/Project/Download/FileDownload.aspx?DownloadId=108879

Comments: Could someone please let me know whether the reported issue has been resolved?
