|
|
Family: CGI abuses : XSS --> Category: attack
IIS 5.0 Sample App vulnerable to cross-site scripting attack Vulnerability Scan
Vulnerability Scan Summary
IIS 5.0 Sample App vulnerable to cross-site scripting attack
Detailed Explanation for this Vulnerability Test
The script /iissamples/sdk/asp/interaction/Form_JScript.asp
(or Form_VBScript.asp) allows you to insert information into a form
field and once submitted re-displays the page, printing the text you entered.
This .asp doesn't perform any input validation, and hence you can input a
string like:
.
More information on cross-site scripting attacks can be found at:
http://www.cert.org/advisories/CA-2000-02.html
Solution: Always remove sample applications from productions servers.
In this case, remove the entire /iissamples folder.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|
