ScriptResource.axd Reported As Vulnerable Script When Tested With Shadow Security Scanner?
Mar 1, 2011
I performed tests against my web server using Shadow Security Scanner, with the following results:
Web Servers : Vulnerable script
Port : 80
Description: Found vulnerable script on this web site
Risk level :High
Script: http://servername/ScriptResource.axd?d=P4tzN-eCJlchxi30M7K6eGzyH7tdeY4timDGCw0yDS45Ur477KM8CSqJQdqun4VDGbs5xXGPE 7VeqXqRIDyOHxwoopCbgbWmKFLiyKB1Qs5UDJTyZQYe4zURSEshSBwPOm1hORh40237AJZ_EWO2n2-3IwAzTY__px0r6WbIYgWamkVz0&t=/etc/passwd
CVE : GENERIC-MAP-NOMATCH
Why is ScriptResource.axd a vulnerable script?
View 1 Replies
Similar Messages:
Oct 28, 2010
I have a ModalPopupExtender with a drop shadow. I am changing its height with JavaScript (i.e. no callback to server). The drop shadow does not change height. Any workarounds? The code is something along these lines:
[Code]....
View 1 Replies
Nov 1, 2010
I'm using a Literal to display some JavaScript on a product page control. Basically, what I'm doing is, in my code-behind, declaring a new StringBuilder, writing the script while inserting some dynamic variables to populate the script, then setting the Literal text to the StringBuilder. This leaves me open to XSS attacks. What can I do to prevent this?
System.Text.StringBuilder sb = new System.Text.StringBuilder();
// loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
    sb.Append("<script type='text/javascript'>");
    // add +1 to each item
    // inner double quotes escaped so the C# string literal compiles
    sb.AppendFormat("mboxCreate(\"product_productpage_rec{0}\",", i + 1);
[code]...
View 4 Replies
Sep 29, 2010
Is this LINQ statement vulnerable to SQL injection?
var result = from b in context.tests
where b.id == inputTextBox.Text
select b;
where context is an Entity and tests is a table. I'm trying to learn LINQ and I thought that the benefit of it was that it wasn't vulnerable to SQL injection, but some stuff I've seen has said differently. Would I need to parametrize this LINQ statement to make it safer? If so, how? Also, would this be considered LINQ to SQL or LINQ to Entities?
View 6 Replies
Jan 23, 2011
Using a LinqDataSource control... in the Selecting event I have code like the following for a simple search feature:
[Code]....
In general, would dynamically building the 'Where' property of a LinqDataSource be vulnerable to SQL injection? Or does the control protect against this internally?
View 6 Replies
Feb 15, 2010
THE CODE:
Session["foo"] = "bar";
Response.Redirect("foo.aspx");
THE PROBLEM:
When foo.aspx reads "foo" from the session, it's not there. The session is there, but there's no value for "foo".
I've observed this intermittently in our production environment. But I don't mean here to ask a question about Response.Redirect().
THE EXPLANATION:
Bertrand Le Roy explains (the bolding is mine):
Now, what Redirect does is to send a special header to the client so that it asks the server for a different page than the one it was waiting for. Server-side, after sending this header, Redirect ends the response. This is a very violent thing to do. Response.End actually stops the execution of the page wherever it is using a ThreadAbortException. What happens really here is that the session token gets lost in the battle.
My takeaway there is that Response.Redirect() can be heavy-handed with ending threads. And that can threaten my session writes if they occur too near that heavy-handedness.
THE QUESTION:
What about ASP.NET session management makes it so vulnerable to this? The Response.Redirect() line of code doesn't begin its execution until the session write line is "finished" -- how can it be such a threat to my session write? What about the session write doesn't "finish" before the next line of code executes? Are there other scenarios in which session writes are similarly (as though they never occurred) lost?
View 3 Replies
Feb 8, 2010
Is there any way, in Visual Studio, to specify credentials to test a web page with rather than having to go through the process of logging in every time? Is there some common technique for testing with different roles and logins? It's just really tedious to constantly have to log in and navigate to a specific page to test.
View 2 Replies
Aug 9, 2010
I'm trying to test the Login control without writing any code. According to Murach's book, you can drag and drop the Login control onto a Login.aspx form, then use the ASP Configuration Security tool to create users, roles, and access rules for the website, and you should then be prompted for authentication. I created two folders in my website, admin and users. The admin folder has an admin.aspx form and the users folder has a users.aspx form. I also edited the access rules to only allow admin to access the admin.aspx form and only allow user to access the users.aspx form.
View 4 Replies
Jan 20, 2010
I am trying to implement charting into one of my sites, and I am having a hard time styling the border to make it transparent.
I've attached an image so you can see what it is I am talking about. I have yet to figure out what needs to be set to get rid of the white under the drop shadow ...
If anyone has any ideas I would love to hear how to get rid of this ...
View 18 Replies
Jun 18, 2010
Is it possible to have the same DB and web.config for both the local development machine and the final production server (with forms authentication)? I'm asking this because if I change anything in the ASP.NET Configuration screen (should I use this at all?) I lose the ability to log in. I don't know what to put in the <Membership><applicationName>: should it be /myapp-editor or just /? It's different since it runs on two different domains/servers (the final server doesn't have an application dir, just root). How can I make sure that the user created on one server will be usable on the other machine?
View 3 Replies
Mar 23, 2010
In my project I'm using the concept of impersonation to implement "File Upload functionality", i.e. to save the uploaded file to a network share. This n/w share is accessible to an application id only, so I'm impersonating with that user id when uploading a file. I'm importing "advapi32.dll" and using the LOGONUSERA method of that dll to validate the user and get the token for that userid and then impersonate using the token returned. This approach is working fine in the development environment but LOGONUSERA always fails in the TEST and PRODUCTION environments. It always returns "0", which means the user id is invalid and the token is zero, hence I cannot impersonate. Is it something related to accessing the dll in other environments? Any suggestions to resolve this issue will be a great help for us. We have been hung up on this issue for the past 5 days.
View 1 Replies
Oct 30, 2010
In my ASP.NET app, I'm attempting to add another directory to have the DLLs in it shadow copied.
The only method I found that will allow me to do this is AppDomain.CurrentDomain.SetShadowCopyPath.
However, this method is marked as Obsolete. MSDN has this to say about it:
SetShadowCopyPath(String path) Message: AppDomain.SetShadowCopyPath has been deprecated. investigate the use of AppDomainSetup.ShadowCopyDirectories instead.
However, the AppDomainSetup.ShadowCopyDirectories property doesn't seem to change whenever I set a value to it.
AppDomain.CurrentDomain.SetupInformation.ShadowCopyDirectories = "mydirectory;bin";
string test = AppDomain.CurrentDomain.SetupInformation.ShadowCopyDirectories; // returns bin, which was the original directory
Is there a reason that it won't change, and is there a workaround?
View 1 Replies
May 15, 2010
I have to do some message exchange with a 3rd party (in a website). When the client posts a page, I start the message exchange. When that doesn't succeed for some reason, I report this to the client by rendering the page with a message. In the background, in a separate thread, I start a process to send abort messages to the 3rd party. I can't do this while the user is waiting for the page to come back, because it might take a few minutes. But in a test project, the test ends when the message to the 3rd party is sent, and after the new thread is started. But it seems that the new thread also ends when the test is done.
Is that normal behaviour? I do start the thread in a new class with a reference to 2 objects from the class which tries to send the message in the first place; may that be a problem? EDIT: it keeps running when the whole process is started in IIS.
View 1 Replies
Feb 2, 2010
Remove the ugly black shadow from ModalPopupExtender?
View 2 Replies
Mar 7, 2011
How to make a shadow effect for an ASP Panel on 2 of its borders
View 1 Replies
Jan 23, 2010
How can I use a scanner in ASP.NET?
View 1 Replies
Sep 27, 2010
I don't see any properties, but thought I'd ask to see if there is a way to increase the width of the shadow or the offset of the shadow from the pop-up panel or div I'm displaying?
I just want to make the pop-up appear to "stand out" a little more.
<ajaxToolkit:DropShadowExtender
ID="dse"
runat="server" TargetControlID="pnlPopUp"
Opacity=".15"
Rounded="false" TrackPosition="true"
/>
View 2 Replies
Nov 1, 2010
I'm currently building an intranet engine for a project I've got on the go at the moment, and I'd like to save myself a little time by generating header images from code where possible; however, I'd like it to match our concept image. What I'd like to achieve is below: My issue is I've not the faintest how to create that from code. I can do the absolute basics but that's about it.
I start to fall down when it comes to the gradient background and the drop shadow on the text. I can get away with positioning the text on the larger header image, so if it's not possible to generate the exact gradient I have there, then I have a workaround for that, but what I really want to achieve is the text with the font and drop shadow. I'd say it's safe to assume that to use a "non-standard" font, I'd merely need to install it on the web server?
View 1 Replies
Mar 26, 2010
There have been a couple of times now that I have tried to have a panel inside a Tab Page of the Tab Container. Each time I run into the same problem. The extender's drop shadow property won't work. The rounded property of the drop shadow extender works fine, but for the life of me I can't get the drop shadow to appear. Every other time this has happened I have just given up the search for the answer and left out the drop shadows because it wasn't a big deal, but this time I think it would really make my page look good, so I decided it was about time I posted something about this issue. (Run-on sentences are my specialty.)
The following code will recreate the bug / problem I am having:
[Code]....
[Code]....
View 1 Replies
Jun 12, 2010
Is it possible to get the DropShadowExtender to throw a shadow on both sides of a Panel? I can get it on either left or right, but not that it is right behind the panel, giving the impression that the item is lifted slightly from the page.
If it cannot be done with DropShadowExtender, is there another way to do this without an actual background graphic?
View 1 Replies
Jun 23, 2010
I'd like to run drop shadow on the Bitmap class in ASP.NET and I'd be really happy if the GPU could do that. Any chance of this happening? Update: I'd like to do that on the server side. It doesn't really have to be an ASP.NET app; it could be a console app or Windows service.
View 2 Replies
Jun 28, 2010
I made a project in ASP.NET which does scan, resize... I used WIA (Windows Image Acquisition). If I'm running locally, the project works when I press the scan button. But when I published this project on the web, it does not work. I heard I need to write an ActiveX control to work with the client scanner. However, I do not have any idea how to write it.
View 1 Replies
May 21, 2010
I have a barcode scanner (Symbol LS2208) but I don't know how to read information from it into my application (in C#). Can anyone help me with this problem with sample code? OS: Windows XP. Scanner: Symbol LS2208 General Purpose Bar Code Scanner
View 2 Replies
Mar 5, 2011
How can I apply rounded corners and a drop shadow style on a box with jQuery?
View 1 Replies
Jan 5, 2010
I want to scan images/documents from the client machine's scanner and upload them with thumbnails to the server using my web application (ASP.NET 2.0/C#)
View 4 Replies