Updated: 2022-10-28 18:04:47
How to prevent cross-site scripting security issues which returned in app scan as high vulnerability.
See the scan result below:
Entity: Parameter:ctl00$ContentPlaceHolder1$TabContainer1$TabPanel3$txtSearches
Risk(s): It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
Fix: Filter out hazardous characters from user input
ctl00%24ContentPlaceHolder1%24TabContainer1%24TabPanel3%24txtSearches=1234"/>%uff1cscript%uff1ealert%uff081312%uff09%uff1c/script%uff1e
After I got the scan result, I added regular expression validation to the txtSearches textbox to block non-alphanumeric input and rescanned the application, but it returned the same vulnerability again.
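One defensive pattern for an ASP.NET Web Forms page like the one in the scan, added here as an illustrative example and not code from the question or its author: enforce the allow-list on the server (a RegularExpressionValidator only blocks the request if the handler checks Page.IsValid, and a scanner posts directly to the server, bypassing any browser-side check) and HTML-encode the value at the point where it is written back into the page. The control names other than txtSearches (btnSearch, lblResult), the page class name and the regex are assumptions.

```csharp
// Added example, not from the question. Assumes a Web Forms page with a
// txtSearches TextBox (from the scan), a btnSearch Button with its click
// handler wired up, and an lblResult Label; those extra names are assumptions.
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

public partial class SearchPage : Page
{
    // Server-side allow-list. ASCII letters, digits and spaces only, so the
    // scanner's %uff1c / %uff1e (fullwidth '<' and '>') are rejected as well.
    private static readonly Regex AllowedSearch =
        new Regex(@"^[A-Za-z0-9 ]{1,100}$", RegexOptions.Compiled);

    protected void btnSearch_Click(object sender, EventArgs e)
    {
        // Validators attached to the page run on postback, but their result
        // only matters if the handler refuses to proceed when Page.IsValid is false.
        if (!Page.IsValid)
        {
            lblResult.Text = "Invalid search term.";
            return;
        }

        string term = txtSearches.Text;

        // Defence in depth: re-check the value on the server regardless of
        // what the client-side validator did or did not do.
        if (!AllowedSearch.IsMatch(term))
        {
            lblResult.Text = "Invalid search term.";
            return;
        }

        // Primary XSS control: encode at the output sink. Even if input
        // filtering is later relaxed, '<', '>', '&' and '"' cannot form markup here.
        lblResult.Text = "Results for: " + HttpUtility.HtmlEncode(term);
    }
}
```

If the term is also reflected elsewhere (a JavaScript block, an attribute value, a URL), each of those sinks needs its own context-specific encoder rather than HtmlEncode.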