ScriptResource.axd Vulnerable Script When Test It With Shadow Security Scanner?

Mar 1, 2011

I was performed tests againts my web server using Shadow Security Scanner with the following results:

Web Servers : Vulnerable script
Port : 80
Description: Found vulnerable script on this web site
Risk level :High
Script: http://servername/ScriptResource.axd?d=P4tzN-eCJlchxi30M7K6eGzyH7tdeY4timDGCw0yDS45Ur477KM8CSqJQdqun4VDGbs5xXGPE 7VeqXqRIDyOHxwoopCbgbWmKFLiyKB1Qs5UDJTyZQYe4zURSEshSBwPOm1hORh40237AJZ_EWO2n2-3IwAzTY__px0r6WbIYgWamkVz0&t=/etc/passwd

Why ScriptResource.axd is a vulnerable script?

View 1 Replies

Similar Messages:

AJAX :: Change Height Of Modalpopupextender With Shadow - Shadow Does Not Change

Oct 28, 2010

I have a ModalPopupExtender with a Drop shadow. I am changing its height with Javascript (i.e. no callback to server). The drop shadow does not change height. Any work arounds? The code is something along these lines:


View 1 Replies

C# - Literal Control Vulnerable To XSS Attack?

Nov 1, 2010

I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?

System.Text.StringBuilder sb = new System.Text.StringBuilder();
//loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
sb.Append("<script type='text/javascript'>");
//add +1 to each item
sb.AppendFormat("mboxCreate("product_productpage_rec{0}",", i+1);

View 4 Replies

LINQ Statement Vulnerable To SQL Injection?

Sep 29, 2010

Is this LINQ statment vulnerable to SQL injection?

var result = from b in context.tests
where == inputTextBox.Text
select b;

where context is an Entity and tests is a table. I'm trying to learn LINQ and I thought that the benefit of it was that it wasn't vulnerable to sql injection, but some stuff I've see has said differently. Would I need to parametrize this LINQ statement to make it safer? If so, How? Also would this be considered linq to sql or linq to entities?

View 6 Replies

DataSource Controls :: Vulnerable To Sql Injection Attacks?

Jan 23, 2011

using a linqDataSource control... in the selecting event I have code like the following for a simple search feature:


In general, would dynamically building the 'Where' property of a linqDataSource be vulnerable to sql injection? Or does the control protect against this internally?

View 6 Replies

Why / When Session Writes Vulnerable To Thread Termination

Feb 15, 2010

Session["foo"] = "bar";


When foo.aspx reads "foo" from the session, it's not there. The session is there, but there's no value for "foo".
I've observed this intermittently in our production environment. But I don't mean here to ask a question about Response.Redirect().


Bertrand Le Roy explains (the bolding is mine): Now, what Redirect does is to send a special header to the client so that it asks the server for a different page than the one it was waiting for. Server-side, after sending this header, Redirect ends the response. This is a very violent thing to do. Response.End actually stops the execution of the page wherever it is using a ThreadAbortException. What
happens really here is that the session token gets lost in the battle. My takeaway there is that Response.Redirect() can be heavy-handed
with ending threads. And that can threaten my session writes if they occur too near that heavy-handedness.


What about ASP.NET session management makes it so vulnerable to this? The Response.Redirect() line of code doesn't begin its execution until the session write line is "finished" -- how can it be such a threat to my session write? What about the session write doesn't "finish" before the next line of code executes? Are there other scenarios in which session writes are similarly (as though they never occurred) lost?

View 3 Replies

Security :: Specify Credentials To Test A Web Page ?

Feb 8, 2010

Is there any way,in Visual Studio,to specify credentials to test a web page with rather than having to go through the process of logging in every time?is there some common technique to testing with different roles and logins?It's just really tedious to constantly have to login and navigate to a specific page to test.

View 2 Replies

Security :: Test The Login Control Without Writing Any Code?

Aug 9, 2010

I'm trying to test the login control without writing any code. According to Murachs book, you can drag and drop the login control onto a Login.aspx form. Use the ASP Configuration Security tool to create user, roles, and access rules for the website. And you should then be prompted for authentication. I created two folders in my website, admin and users. The admin folder has a admin.aspx form and the users folder has a users.aspx form. I also edited the access rules to only allow admin to access the admin.aspx and only allow user to access the users.aspx form.

View 4 Replies

What Needs To Be Set To Get Rid Of The White Under The Drop Shadow

Jan 20, 2010

I am trying to implement charting into one of my sites, and I am having a hard time styling the border to make it transparent.

I've attached a image so you can see what it is I am talking about. I have yet to figure out what needs to be set to get rid of the white under the drop shadow ...

If anyone has any ideas I would love to hear how to get rid of this ...

View 18 Replies

Security :: Membership / Roles On Test Machine And Final Server

Jun 18, 2010

Is it possible to have the same DB and web.config for both local development machine and the final production server(with forms authentication)? I'm asking this because if I change anything in the ASP.NET Configuration screen(should I use this at all?) I loose the ability to login. Don't know what to put in the <Membership><applicationName>, should it be /myapp-editor or just /, it's different since it runs on two different domains/servers(final server doesn't have an application dir, just root). How can I make sure that the user created on one server will be usable on the other machine?

View 3 Replies

Security :: Imersonation In C# / Logonusera Always Fails In Test And Production Environments?

Mar 23, 2010

In my project i'm using the concept of impersonation to implement "File Upload functionality".i.e.

to save the file uploaded to a network share.This n/w share is accessible to an application id only.So i'm impersonating with that user id when uploading a file. I'm importing "advapi32.dll" and using the LOGONUSERA method of that dll to validate the user and get the token for that userid and then impersonate using the Token returned. THis approach is working fine in the development environment but LOGONUSERA always fails in TEST and PRODUCTION environments. It always return "0" which means user id is invalid and the token is zero hence i cannot impersonate. Is it something related to accessing the dll in other environments? Any suggestions to resolve this issue will be a great helpp for us. We are hung with this issue for the past 5 days.

View 1 Replies

Appdomain - Add Directories To Shadow Copy?

Oct 30, 2010

In my ASP.NET app, I'm attempting to add another directory to be have the DLLs in it shadow copied.

The only method I found that will allow m to do this is AppDomain.CurrentDomain.SetShadowCopyPath.

However, this method is marked as Obsolete. MSDN has this to say about it

SetShadowCopyPath(String path) Message: AppDomain.SetShadowCopyPath has been deprecated. investigate the use of AppDomainSetup.ShadowCopyDirectories instead.

However, the AppDomainSetup.ShadowCopyDirectories property doesn't seem to change whenever I set a value to it.

AppDomain.CurrentDomain.SetupInformation.ShadowCopyDirectories = "mydirectory;bin"; string test = AppDomain.CurrentDomain.SetupInformation.ShadowCopyDirectories; // returns bin, which was the original directory

Is there a reason that it won't change and is there a work around?

View 1 Replies

C# - Is A New Thread In A Visual Studio Test Project Aborted When The Test Ends

May 15, 2010

i have to do some message exchange with a 3rd party (in a website).When the client posts a page, i start the message exchange. When that doesn't succeed for some reason, i report this to the client by rendering the page with a message.On the background, in a separate thread, i start a process to send abort messages to the 3rd party. I can't do this while the user is waiting for the page to come back, because it might take a few minutes.But in a test project, the test ends when the message to the 3rd party is sent, and after the new thread is started. But it seems that the new thread also ends, when the test is done.

Is that normal behaviour?I do start the thread in a new class with a reference to 2 objects from the class which tries to send the message in the first place, may that be a problem?EDIT: it keeps running when the whole process is started in IIS

View 1 Replies

AJAX :: Remove The Black Shadow From ModalPopupExtender?

Feb 2, 2010

remove the black ugly shadow from modalpopupextender?

View 2 Replies

AJAX :: Panel Shadow Effect In 2 Of Its Borders?

Mar 7, 2011

How to make for ASP Panel Shadow Effect in 2 of its Borders

View 1 Replies

How To Use Scanner

Jan 23, 2010

how can i use scaaner in

View 1 Replies

AJAX :: Increase The Shadow Offset Or Width In DropShadowExtender?

Sep 27, 2010

I don't see any properties, but thought I'd ask to see if there way to increase the width of the shadow or offset of shadow from the pop-up panel or div I'm displaying?

I just want to make the pop-up appear to "stand-out" a littlle more.

runat="server" TargetControlID="pnlPopUp"
Rounded="false" TrackPosition="true"

View 2 Replies

Create An Image With Drop Shadow On Text Programatically In VB.NEt?

Nov 1, 2010

I'm currently building an intranet engine for a project I've got on the go at the moment, and I'd like to save myself a little time by generating header images from code where possible, however, I'd like it to match our concept image.What I'd like to achieve is below:My issue is I've not the faintest how to create that from code. I can do the absolute basics but that's about it.

I start to fall down when it comes to the gradient background and the drop shadow on the text. I can get away with positioning the text on the larger header image, so if it's not possible to generate the exact gradient I have there, then I have a work around for that, but what I really want to achieve is the text with the font and drop shadow.I'd say it's safe to assume that to use a "non-standard" font, I'd merely need to install it on the web server?

View 1 Replies

AJAX :: Drop Shadow Extender Inside A Tab Container?

Mar 26, 2010

There has been a couple times now that I have tried to have a panel inside a Tab Page of the Tab Container. Each time I run into the same problem. The extenders drop shadow property wont work. The rounded property of the drop shadow extender works fine but for the life of me I cant get the drop shadow to appear. Every other time this has happened I have just given up the search for the answer and left out the drop shadows because it wasnt a big deal but this time I think it would really make my page look good so I decided it was about time i posted something about this issue. (run-on sentences are my specialty)

The following code will recreate the bug / problem I am having


View 1 Replies

AJAX :: Get The DropShadowExtender To Throw A Shadow On Both Sides Of A Panel?

Jun 12, 2010

Is it possible to get the DropShadowExtender to throw a shadow on both sides of a Panel? I can get it on either left or right, but not that it is right behind the panel, giving the impression that the item is lifted slightly from the page.

If it can not be done with DropShadowExtender, is there another way to do this without actual background graphic?

View 1 Replies

Using WPF Hardware Accelerated Drop Shadow In Server-side?

Jun 23, 2010

I'd like to run drop shadow on Bitmap class in ASP.NET and I'd be really happy if GPU could do that. Any chance of this happening?Update: I'd like to do that on server side. It doesn't really have to be ASP.NET app, it could be console app or windows service.

View 2 Replies

Scanner ActiveX In .net?

Jun 28, 2010

I made a proje in which makes scan,resize...I used wia(Windows Image Acquisition).if I,m in local when I press scan button project works.but I published this project on the web it does not work on the web.I heart I need to write a activex control to work client scanner.however I do not have any idea to write it.

View 1 Replies

Use Scanner In Application?

May 21, 2010

I have a barcode scanner(Symbol-ls2208) but i dont know how to read information from it to my application (in C#). Can anyone help me in this problem with sample code? Os: Windows XP.scanner: Symbol LS2208 General Purpose Bar Code Scanner

View 2 Replies

JQuery :: Apply Rounded Corners And Drop Shadow Style On A Box?

Mar 5, 2011

how i can apply rounded corners and drop shadow style on a box with jQuery?

View 1 Replies

Connect Scanner In Web Application (2.0/C#)?

Jan 5, 2010

I want to scan images/documents from client machine scanner and uploaded with thumbnails to server using my
web application (ASP.Net 2.0/C#)

View 4 Replies

Copyrights 2005-15, All rights reserved