Vulnerability scanner for asp.net flags cross site scripting

Submitted by 一笑奈何 on 2019-12-13 03:23:31

Question


I am running the Netsparker vulnerability test and it flags the following URL

http://localhost:54923/search/'ns='netsparker(0x005AAD)

I am not able to understand what this part 'ns='netsparker(0x005AAD) is, or how to fix this issue. I am sanitizing the input /search/searchkeyword and encoding the input also.

The user enters the keyword in the search input box and then the page is redirected to the search page with the search keyword http://localhost:54923/search/apple

1> It doesn't contain any JS script

    if (filterInput.Contains("onmouseover") || filterInput.Contains("script") || filterInput.Contains("</style>") || filterInput.Contains("</script>") || filterInput.Contains("<") || filterInput.Contains("%3c") || filterInput.Contains("?") || filterInput.Contains("%3f") || filterInput.Contains("alert") )
    {
        search = System.Web.HttpUtility.HtmlEncode(filterInput);
        Response.Write("Invalid Search");
        Response.End();
    }

2> I am adding the line below to web.config to make it a bit more secure

<httpRuntime targetFramework="4.5" requestValidationMode="2.0" enable="true"  encoderType="System.Web.Security.AntiXss.AntiXssEncoder,System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

Based on this I have a few questions

  1. What is 'ns='netsparker(0x005AAD) in the URL? Does it represent JS?
  2. How can I prevent this?
  3. Are the measures which I have taken fine, or do I need to do more?

After adding a few security steps, Netsparker still flags it as XSS. How can I fix this so that it's not flagged?


Answer 1:


Basically, the current code sanitization is based on a blacklist, which is a bad practice.

In this specific case you don't need to sanitize, but rather encode the incoming input.

The ASP.NET input validation is also based on a blacklist, which is also not secure.
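The following is an added example, not code from the question or the answer, that shows the point the answer is making: the substring blacklist from the question is checked against the exact probe value in the flagged URL and lets it through (the probe contains none of the listed substrings), whereas encoding the value at the point where it is written into the page renders it as inert text no matter what it contains. It is a plain console program using System.Net.WebUtility (same purpose as the HttpUtility.HtmlEncode / AntiXssEncoder the question mentions, but compiles without a System.Web reference); the RenderResultsHeading and BuildSearchUrl methods, and the heading markup, are assumptions about how the search page renders the keyword.

```csharp
// Added example: blacklist check versus contextual output encoding.
// Not from the original post; RenderResultsHeading and BuildSearchUrl are
// hypothetical stand-ins for the search page's own rendering and redirect code.
using System;
using System.Net;

static class SearchEncodingDemo
{
    // The blacklist condition from the question, returned as a bool instead of
    // ending the response, so it can be evaluated against a sample value.
    public static bool BlacklistRejects(string filterInput)
    {
        return filterInput.Contains("onmouseover") || filterInput.Contains("script")
            || filterInput.Contains("</style>")  || filterInput.Contains("</script>")
            || filterInput.Contains("<")         || filterInput.Contains("%3c")
            || filterInput.Contains("?")         || filterInput.Contains("%3f")
            || filterInput.Contains("alert");
    }

    // Output encoding for HTML text or a double-quoted attribute value.
    // WebUtility.HtmlEncode escapes < > & " and ' (' becomes &#39;), so the
    // keyword cannot close the attribute or start new markup. Razor's @ syntax
    // and <%: %> in Web Forms apply the same encoding automatically.
    public static string RenderResultsHeading(string keyword)
    {
        string safe = WebUtility.HtmlEncode(keyword);
        return "<h2 data-keyword=\"" + safe + "\">Results for " + safe + "</h2>";
    }

    // URL context: when building the redirect to /search/{keyword}, the keyword
    // is a path segment and needs URL (percent) encoding, not HTML encoding.
    public static string BuildSearchUrl(string keyword)
    {
        return "/search/" + Uri.EscapeDataString(keyword);
    }

    static void Main()
    {
        // The probe value from the flagged URL in the question (constructed literal).
        string probe = "'ns='netsparker(0x005AAD)";

        // The blacklist does not match: no '<', no "script", no '?', no "alert".
        Console.WriteLine("Blacklist rejects probe: " + BlacklistRejects(probe));

        // Encoded at output, the quotes are rendered as &#39; and the value is
        // shown as text; the scanner's marker never reaches the page unencoded.
        Console.WriteLine(RenderResultsHeading(probe));
        Console.WriteLine(BuildSearchUrl(probe));
    }
}
```

The practical check is to look at the rendered HTML of /search/<keyword> for the probe: if the characters ' = ( ) come back unchanged inside markup, the keyword is being written raw somewhere (string concatenation, Html.Raw, a Response.Write), and that write site is what needs encoding for its context. Keeping the blacklist does no harm, but it is not what stops the finding.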



Source: https://stackoverflow.com/questions/52052565/vulnerability-scanner-for-asp-net-flags-cross-site-scripting
