Ravikanth's Blog

Happenings around Me

Step by Step - Bypassing .NET ValidateRequest

The Microsoft .NET Framework comes with a request validation feature, configurable through the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. It consists of a series of filters designed to prevent classic web input validation attacks such as HTML injection and XSS (cross-site scripting). The following paper introduces script injection payloads that bypass the ASP.NET web validation filters, and also details the trial-and-error procedure that was followed to reverse-engineer those filters by analyzing .NET debug errors.

Paper: http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf

The original version of this paper was released in January 2006 for private CPNI distribution. It was updated in August 2008 to include additional material, such as input payloads that bypass the latest anti-XSS .NET patches (MS07-40), released in July 2007.

Comments

traslochi milano said:

Wow nice information you have here. Thanks for sharing

# November 27, 2009 12:41 AM

pocket cell phone jammer said:

And how about adding some more images? I’m not trying to offend anyone, blog is really great. But as I’ve heard humans acquire info much more effectively if they see certain helpful illustrations.

Lenny Page

# May 13, 2010 8:26 PM

uk escorts london said:

It was extremely interesting for me to read the blog. Thanx for it. I like such topics and everything connected to them. I would like to read more soon.

Anete Benedict

# May 16, 2010 6:23 PM

Perfect attitude said:

Truly it was extremely interesting for me to read the article. Thanx for it. I like such themes and everything that is connected to this matter. I definitely want to read a bit more on that blog soon.

# May 24, 2010 6:01 AM

high class escort said:

Rather interesting post to read it at least for me. BTW, why don't you place that article to social bookmarks? That can bring big traffic here.

# June 20, 2010 4:13 AM

Kate Hakkinen said:

Pretty cool site you've got here. Thanks for it. I like such themes and anything connected to them. I would like to read more on that blog soon.

Kate Hakkinen

# September 23, 2010 12:04 PM

Anete Benedict said:

It is extremely interesting for me to read this article. Thanx for it. I like such topics and everything connected to them. I definitely want to read a bit more soon.

Anete Benedict

# September 27, 2010 9:45 PM

escort latina said:

I definitely want to read a bit more soon. BTW, rather good design this blog has, but how about changing it every few months?

# October 22, 2010 9:54 AM

Katherine Kripke said:

It is certainly interesting for me to read that post. Thanx for it. I like such themes and everything connected to this matter. I definitely want to read a bit more soon. BTW, rather good design you have here, but how about changing it every few months?

Katherine  Kripke

# October 28, 2010 6:01 PM

Brandy Meetington said:

Wow, pretty cool info. How can I find that RSS?

Brandy  Meetington

# November 25, 2010 3:53 PM

Joan Smith said:

Rather cool site you've got here. Thanks for it. I like such themes and everything that is connected to them. I definitely want to read a bit more on that blog soon.

Joan Smith

# December 6, 2010 6:30 AM

Kate Benedict said:

Nice page. Keep posting that way.  

Kate Benedict    

# December 20, 2010 6:13 AM

Bella Simpson said:

Rather interesting blog you've got here. Thanx for it. I like such topics and anything connected to them. I would like to read a bit more soon.

Bella Simpson

# January 6, 2011 3:43 PM

Avril Benedict said:

Rather cool place you've got here. Thanks the author for it. I like such topics and everything connected to them. I definitely want to read more soon.  

Avril Benedict  

# January 22, 2011 1:35 PM

weblogs.asp.net said:

Step by step by passing net validate request.. Bully :)

# May 28, 2011 8:46 PM