Microsoft ASP.NET Request Validation Null Byte Filter Bypass Vulnerability

Request Validation, a feature included in ASP.NET 1.1, may not adequately sanitize hostile user-supplied input. ASP scripts that depend on Request Validation to sanitize user-supplied input may still be prone to cross-site scripting or HTML injection attacks as a result. Request Validation may be bypassed by including a null byte (%00) in malicious user-supplied input.

It should be noted that this can also create a false sense of security, since the expectation is that Request Validation should sufficiently sanitize hostile input.


Privacy Statement
Copyright 2010, SecurityFocus