Jun 18, 2013, 7:02 AM
[CLOSED] FormPanel Url XSS
Hi,
If you call the page below with this query string "?_dc=javascript:alert(1);", XSS is not being filtered and it can be seen in the output (url:"/test.aspx?_dc=javascript:alert(1);").
Is there a way to filter it?
<%@ Page Language="C#" %>
<%@ Register Assembly="Ext.Net" Namespace="Ext.Net" TagPrefix="ext" %>
<!DOCTYPE html>
<html>
<head id="Head1" runat="server">
    <title>Ext.NET XSS</title>
</head>
<body>
    <form id="Form1" runat="server">
        <ext:ResourceManager ID="ResourceManager1" runat="server">
        </ext:ResourceManager>
        <ext:FormPanel runat="server">
            <Items>
            </Items>
        </ext:FormPanel>
    </form>
</body>
</html>
Thanks,
Vzx
Last edited by Daniil; Jun 19, 2013 at 5:21 PM.
Reason: [CLOSED]
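An added example, not part of the original post and not Ext.NET's own code: it assumes the request URL is written into a JavaScript string literal, as in the `url:"..."` output quoted in the post, and shows encoding for that context next to a local-path check. The class and method names are hypothetical, and every sample value other than the URL quoted in the post is constructed.

```csharp
using System;
using System.Web; // HttpUtility lives in System.Web.dll on .NET Framework 4+

public static class ReflectedUrlDemo
{
    // Unsafe pattern: raw request text concatenated into a JavaScript string literal.
    public static string NaiveConfig(string rawUrl)
    {
        return "{url:\"" + rawUrl + "\"}";
    }

    // Encode for the JavaScript string context; 'true' adds the surrounding quotes.
    public static string EncodedConfig(string rawUrl)
    {
        return "{url:" + HttpUtility.JavaScriptStringEncode(rawUrl, true) + "}";
    }

    // Accept only a local path: one leading '/', no "//" or "/\" host prefix,
    // and no control characters. A value with a scheme cannot start with '/'.
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    public static void Main()
    {
        string[] samples =
        {
            "/test.aspx?_dc=javascript:alert(1);", // URL quoted in the post
            "/test.aspx?_dc=a\"b",                 // constructed: contains a double quote
            "javascript:alert(1);",                // constructed: whole value is a scheme URL
            "//example.invalid/test.aspx"          // constructed: protocol-relative URL
        };
        foreach (string s in samples)
        {
            Console.WriteLine("input   : " + s);
            Console.WriteLine("local   : " + IsLocalPath(s));
            Console.WriteLine("naive   : " + NaiveConfig(s));
            Console.WriteLine("encoded : " + EncodedConfig(s));
        }
    }
}
```

The sample containing a double quote is the one to compare between the naive and encoded lines: it shows whether the reflected value can end the string literal early.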