public void ValidateInput_XSS_Unicode () { string problem = "http://server.com/attack2.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e"; string decoded = HttpUtility.UrlDecode (problem); int n = decoded.IndexOf ('?'); HttpRequest request = new HttpRequest (null, decoded.Substring (0,n), decoded.Substring (n+1)); request.ValidateInput (); // the next statement throws Assert.AreEqual ("\xff1cscript\xff1ealert('vulnerability')\xff1c/script\xff1e", request.QueryString ["test"], "QueryString"); }
public void ValidateInput_XSS_Null () { string problem = "http://secunia.com/?test=<%00SCRIPT>alert(document.cookie)</SCRIPT>"; string decoded = HttpUtility.UrlDecode (problem); int n = decoded.IndexOf ('?'); HttpRequest request = new HttpRequest (null, decoded.Substring (0,n), decoded.Substring (n+1)); request.ValidateInput (); // the next statement throws Assert.AreEqual ("<SCRIPT>alert(document.cookie)</SCRIPT>", request.QueryString ["test"], "QueryString"); }
public override void ValidateInput() { w.ValidateInput(); }
public override void ValidateInput() { _httpRequest.ValidateInput(); }
void IHttpHandler.ProcessRequest(HttpContext context) { // VSWhidbey 448844: Disable handler if retail is set to true if (DeploymentSection.RetailInternal || (!context.Request.IsLocal && HttpRuntime.Profile.LocalOnly)) { HttpException e = new HttpException(403, null); e.SetFormatter(new TraceHandlerErrorFormatter(!DeploymentSection.RetailInternal)); throw e; } _context = context; _response = _context.Response; _request = _context.Request; _writer = Page.CreateHtmlTextWriterInternal(_response.Output, _request); // if we're in integrated mode, we need to set the content type explicitly if (context.WorkerRequest is IIS7WorkerRequest) { _response.ContentType = _request.Browser.PreferredRenderingMime; } if (_writer == null) { // Can't create a writer, horked at this point, just return return; } _context.Trace.IsEnabled = false; // Validate the input to prevent XSS attacks. _request.ValidateInput(); _writer.Write("<html>\r\n"); _writer.Write("<head>\r\n"); _writer.Write(StyleSheet); _writer.Write("</head>\r\n"); _writer.Write("<body>\r\n"); _writer.Write("<span class=\"tracecontent\">\r\n"); if (!HttpRuntime.Profile.IsConfigEnabled) { HttpException e = new HttpException(); e.SetFormatter(new TraceHandlerErrorFormatter(false)); throw e; } IList datasets = HttpRuntime.Profile.GetData(); // first check if we should clear data if (_request.QueryString["clear"] != null) { HttpRuntime.Profile.Reset(); string url = _request.RawUrl; _response.Redirect(url.Substring(0, url.IndexOf("?", StringComparison.Ordinal))); } // then check if we are drilling down string strid = _request.QueryString["id"]; if (strid != null) { int index = Int32.Parse(strid, CultureInfo.InvariantCulture); if (index >=0 && index < datasets.Count) { ShowDetails((DataSet) datasets[index]); ShowVersionDetails(); _writer.Write("</span>\r\n</body>\r\n</html>\r\n"); return; } } // if we get here, its just generic request ShowRequests(datasets); ShowVersionDetails(); _writer.Write("</span>\r\n</body>\r\n</html>\r\n"); }