dcsimg
Results 1 to 8 of 8

Thread: Help with coding / XSS vulnerabilites

  1. #1

    Thread Starter
    New Member
    Join Date
    Feb 2019
    Posts
    4

    Help with coding / XSS vulnerabilites

    I have some code, giving just the snippets since it's very involved in the middle bits...

    (lots of page code here)

    do stuff, and things, user clicks a button
    Code:
    Protected Sub btnSwitch_Click(sender As Object, e As EventArgs) Handles btnSwitch.Click
            Response.Redirect("OtherPage.aspx?ID=" + tbxHidden.Text + "&view=" + tbxViewHidden.Text)
    End Sub
    This is giving me the error that it unvalidated (even though it's chosen based on a click choice). How do I fix it? The problem is that the hiddentextbox value changes based on what the user clicks on, and there are over 100 options...

    and then on the other side, the receiving page says that it is XSS vulnerable because it needs to use the value sent to query for information...

    on new page
    Code:
    hiddentextbox.Text = Request.QueryString("ID")
    tbxViewHidden.Text = Request.QueryString("view")
    db.executedataset("Getmydata", ID)
    then draw page

    and then from this, the user can click again, sending the ID yet again to another page

    The ultimate goal is to not have the vulnerabilities of course... but i honestly have no idea how to fix them...
    Last edited by Shaggy Hiker; Mar 15th, 2019 at 03:02 PM. Reason: Added CODE tags.

  2. #2
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    33,882

    Re: Help with coding / XSS vulnerabilites

    Welcome to the forums. Based on the question, I assume that this is ASP.NET rather than a desktop application. Therefore, I moved the thread to that forum. I also added [CODE][/CODE] tags to better format the code. You can do this by pressing the # button and pasting code between the tags.
    My usual boring signature: Nothing

  3. #3

    Thread Starter
    New Member
    Join Date
    Feb 2019
    Posts
    4

    Re: Help with coding / XSS vulnerabilites

    thank you

  4. #4
    Superbly Moderated NeedSomeAnswers's Avatar
    Join Date
    Jun 2002
    Location
    Manchester uk
    Posts
    2,538

    Re: Help with coding / XSS vulnerabilites

    So your problem here is you are using a response.redirect AND building the redirect string which can leave vulnerabilities in your site where a hacker could potentially change your redirect string and push a user to somewhere else other than where you instead and do some damage.

    Have a read of this - https://portswigger.net/kb/issues/00...tion-reflected

    You have 2 ways round this either dont use response.redirect and instead use direct links OR continue to use response.redirect and instead of passing your data via the Query String instead store it in the Session. Storing you data in the session means it is available to all pages (and so will be available on your new page) until your session times out (you can set a session timeout length in your web config)
    Please Mark your Thread "Resolved", if the query is solved & Rate those who have helped you



  5. #5

    Thread Starter
    New Member
    Join Date
    Feb 2019
    Posts
    4

    Re: Help with coding / XSS vulnerabilites

    So, I hope I don't sound like i'm too retarded here...

    The reason we aren't using Session variables is because where we publish our App is phasing them out and going to encrypted cookies - which I don't know how to build into the code either.

    I do want to be compliant and not vulnerable but for some of this stuff I just can't think of a way to change it...

    I am building the string, but it's based on where a user clicks (it pulls a predetermined number)... so they can't actually modify the input unless they would physically change it in their own address bar...

    also, I have url links built by sql and loaded on to the page, so it still has the query behind it... does that also count?

    I was thinking I could put a verification on the receiving side to ensure that the query data was no more than 10 characters, would that be enough?

    And thank you so much!

  6. #6

    Thread Starter
    New Member
    Join Date
    Feb 2019
    Posts
    4

    Re: Help with coding / XSS vulnerabilites

    Didn't mean to double post....
    Last edited by _Frustrated_; Mar 27th, 2019 at 10:01 AM. Reason: Double Post...

  7. #7
    Superbly Moderated NeedSomeAnswers's Avatar
    Join Date
    Jun 2002
    Location
    Manchester uk
    Posts
    2,538

    Re: Help with coding / XSS vulnerabilites

    I am building the string, but it's based on where a user clicks (it pulls a predetermined number)... so they can't actually modify the input unless they would physically change it in their own address bar...
    It doesn't matter its the fact your using Response.redirect that is the issue.

    As soon as you add query string arguments to a resonse.redirect then you are introducing an XSS vulnerability

    As you cant build your links ahead of time as they need to reflect user choices on the page, then you need to find another way to pass the data.

    If you cant use session variables for whatever reason then unfortunately your going to be stuck learning about encrypted cookies and using them instead

    Encrypted cookies are actually less secure than using session variables but hey if that what you have to work with then you just get on with it.

    have a look at this post on encrypted cookies https://stackoverflow.com/questions/4360839/encrypt-cookies-in-asp-net
    Please Mark your Thread "Resolved", if the query is solved & Rate those who have helped you



  8. #8
    Superbly Moderated NeedSomeAnswers's Avatar
    Join Date
    Jun 2002
    Location
    Manchester uk
    Posts
    2,538

    Re: Help with coding / XSS vulnerabilites

    Code:
    so, I have url links built by sql and loaded on to the page, so it still has the query behind it... does that also count?
    If they dont use response.redirect then they are OK.

    There is nothing wrong with building a link address and then adding it as a link on page creation.
    Please Mark your Thread "Resolved", if the query is solved & Rate those who have helped you



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width