Bug 6699 - XSS vulnerability in Mono's ASP.NET implementation.
Summary: XSS vulnerability in Mono's ASP.NET implementation.
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Web
Version: 2.10.x
Hardware: PC Linux
Importance: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-08-27 06:40 UTC by filip
Modified: 2012-08-27 06:40 UTC
CC List: 1 user

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description filip 2012-08-27 06:40:29 UTC
I'm currently using 2.10.x on a Debian server.
I'm running an ASP.NET MVC 3 application.

It seems that when I query http://www.myserver.com/NONEXISTANTURL, without any custom error pages configured, I get the standard "Server Error in '/' Application" page saying "The resource cannot be found". The offending URL is repeated on the page, but without sanitizing it first.

The result is that when I query http://www.myserver.com/<h1>HELLO</h1> the HTML is included verbatim. I'm sure someone with more time can cause interesting XSS problems this way.

I've tried it on a few Mono sites that I know in production. It works on all of those that don't have a custom error page set up.
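The defect the report describes is a reflected value (the requested path) being written into an HTML response without encoding. The following C# program is an added example, not Mono's System.Web code: it models a minimal "resource cannot be found" page builder in the unsafe shape beside the hardened one, and includes a small regression-style check that a fix can be verified against. The class and method names (ErrorPage, RenderUnsafe, RenderSafe, EchoesRawMarkup) are hypothetical; System.Net.WebUtility.HtmlEncode is a standard .NET API used in place of any Mono-internal helper.

```csharp
using System;
using System.Net;

// Added example, not part of Mono's System.Web. Names below are hypothetical.
static class ErrorPage
{
    // The pattern the bug report describes: the requested path is dropped
    // into the HTML untouched, so any markup in the path becomes markup in
    // the response. Kept here only as the "before" side of the comparison.
    public static string RenderUnsafe(string requestedPath)
    {
        return "<html><body><h2>The resource cannot be found.</h2>"
             + "<p>Requested URL: " + requestedPath + "</p></body></html>";
    }

    // Hardened form: the attacker-controlled value is encoded for an HTML
    // text context before insertion. '<', '>', '&' and '"' become entities,
    // so the browser renders the path as text rather than interpreting it.
    public static string RenderSafe(string requestedPath)
    {
        return "<html><body><h2>The resource cannot be found.</h2>"
             + "<p>Requested URL: " + WebUtility.HtmlEncode(requestedPath)
             + "</p></body></html>";
    }

    // Regression check for the fix: does the rendered page still contain the
    // request path byte-for-byte? For a path carrying tags, "true" means the
    // markup was echoed raw, "false" means it was encoded.
    public static bool EchoesRawMarkup(string page, string requestedPath)
    {
        return page.Contains(requestedPath);
    }

    static void Main()
    {
        // Constructed sample input with the same shape as the path in the report.
        string path = "/<h1>HELLO</h1>";

        string unsafePage = RenderUnsafe(path);
        string safePage = RenderSafe(path);

        Console.WriteLine("unsafe page echoes raw markup: " + EchoesRawMarkup(unsafePage, path));
        Console.WriteLine("safe page echoes raw markup:   " + EchoesRawMarkup(safePage, path));
        Console.WriteLine();
        Console.WriteLine(safePage);
    }
}
```

The same check can be pointed at a real deployment by requesting a non-existent path that contains a harmless tag and inspecting the raw response body: a server that has the fix (or a custom error page) returns the path with `&lt;` and `&gt;` in place of the angle brackets, which is what the reporter's test above would show once the page encodes its output.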
