• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting Vulnerability

Microsoft ASP.NET is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input before it is rendered in the browser of an unsuspecting user in the context of the affected site.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, with the privileges of the victim userâ??s account. This may help the attacker steal cookie-based authentication credentials, retrieve sensitive information, and launch other attacks.