by

Research Paper: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

The intent of this paper is to help Chief Security Officers (CSO) to better understand the vulnerabilities in default installations of Microsoft .NET, and then to take remedial steps to  secure them.

This document is an external file. Please click here to download.

Vendor informed:
13 January 2006

Credits:
Richard Brain of ProCheckUp (www.procheckup.com)

Legal:
Copyright 2013 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.