Channel: AjaxControlToolkit Work Item Rss Feed

Commented Issue: Cross site scripting security bug in ToolkitScriptManager.cs [26694]

(Originally reported by fdevedrines)

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b05b\'%3balert(1)//508e8ca2e0a was submitted in the _TSM_HiddenField_ parameter. This input was echoed as 6b05b\\';alert(1)//508e8ca2e0a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The mitigation is twofold:
1) Encapsulate the request parameter in double quotation marks
2) Validate the request parameter and trim any potential malicious data
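The echo in the report (input 6b05b\';… returned as 6b05b\\';…) is the signature of an encoder that escapes the quote character but not the backslash: the attacker's own backslash consumes the one the server adds, the quote goes through unescaped, and the literal is closed. The following is an added example, not code from the AjaxControlToolkit project or from the reporter. It models that behaviour with a hypothetical naiveEscape function, places it beside a hardened encoder that escapes the backslash first (the contract of a proper JavaScript string encoder such as .NET's HttpUtility.JavaScriptStringEncode), and evaluates the generated fragment to show which one executes the injected alert. The renderScript and evaluate helpers and the constructed PAYLOAD are assumptions made for the demonstration; the payload is the URL-decoded form of the one submitted in the report.

```javascript
// Added example (not AjaxControlToolkit code): why escaping only the quote
// that delimits a JavaScript string literal is not enough.

// Hypothetical naive encoder: escapes ' but leaves backslashes untouched.
// This reproduces the echo in the report: 6b05b\'... comes back as 6b05b\\'...
function naiveEscape(value) {
  return value.replace(/'/g, "\\'");
}

// Hardened encoder: escape the escape character first, then both quote
// styles, line terminators and '<' so the value can neither close the
// literal nor the enclosing <script> block. Because the backslash is handled,
// it does not matter whether the literal uses single or double quotes.
function jsStringEscape(value) {
  return value
    .replace(/\\/g, "\\\\")
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"')
    .replace(/\n/g, "\\n")
    .replace(/\r/g, "\\r")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\x3c");
}

// Build the fragment the way the page would: the request parameter is
// dropped into a single-quoted literal assigned to a variable.
function renderScript(escape, param) {
  return "var hidden = '" + escape(param) + "';";
}

// Evaluate the fragment in an isolated function scope. `alert` is shadowed
// by a recorder so we can tell whether injected code ran; the value of
// `hidden` is what a browser would end up with. The newline before
// `return` matters: the payload ends in a // comment.
function evaluate(script) {
  let fired = false;
  const fn = new Function("alert", script + "\nreturn hidden;");
  const hidden = fn(() => { fired = true; });
  return { fired, hidden };
}

// Constructed payload: decoded form of 6b05b\'%3balert(1)//508e8ca2e0a
const PAYLOAD = "6b05b\\';alert(1)//508e8ca2e0a";

// Run both encoders against the payload and report the outcome of each.
function demo() {
  const vulnerable = evaluate(renderScript(naiveEscape, PAYLOAD));
  const hardened = evaluate(renderScript(jsStringEscape, PAYLOAD));
  return { vulnerable, hardened };
}

const result = demo();
console.log("naive encoder  : alert fired =", result.vulnerable.fired,
            "| hidden =", JSON.stringify(result.vulnerable.hidden));
console.log("hardened encoder: alert fired =", result.hardened.fired,
            "| hidden =", JSON.stringify(result.hardened.hidden));
```

With the naive encoder the literal terminates after `6b05b\`, `alert(1)` runs, and the trailing `//` comments out the dangling quote so the page stays syntactically valid, which is exactly why scanners report this pattern as exploitable. With the hardened encoder the whole payload survives as inert string content. Validating or trimming the parameter is a useful second layer, but the encoding step is the one that closes the hole.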

fdevedrines wrote Mar 1 at 1:40 PM
The patch is available at http://ajax.codeplex.com/Project/Download/FileDownload.aspx?DownloadId=108879

Comments: Has this issue been resolved in the current versions of the toolkit? We have had injection attempts against our sites recently via this method, and need to know this is no longer a risk. Btw, the link is no longer available.
