Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses : XSS --> Category: attack

IIS 5.0 Sample App vulnerable to cross-site scripting attack Vulnerability Scan


Vulnerability Scan Summary
IIS 5.0 Sample App vulnerable to cross-site scripting attack

Detailed Explanation for this Vulnerability Test

The script /iissamples/sdk/asp/interaction/Form_JScript.asp
(or Form_VBScript.asp) allows you to insert information into a form
field and once submitted re-displays the page, printing the text you entered.
This .asp doesn't perform any input validation, and hence you can input a
string like:
.
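The flaw described above, shown as an added example in JavaScript (it is not the IIS sample's source and not code from the original page): a handler that re-displays submitted form fields, once without encoding and once with HTML encoding applied on output. The function names, field names and sample submission are constructed for illustration.

```javascript
// Added example: a form "echo" page modelled on the behaviour described above.
// All names here are hypothetical; the sample input is constructed.

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that can change the HTML parsing context.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Flawed pattern: submitted text is concatenated into the page as-is,
// so any markup in a field becomes part of the returned document.
function renderEcho(fields) {
  const rows = Object.entries(fields)
    .map(([name, value]) => `<p>${name}: ${value}</p>`)
    .join("\n");
  return `<html><body>\n${rows}\n</body></html>`;
}

// Hardened pattern: encode on output, for field names as well as values.
function renderEchoEncoded(fields) {
  const rows = Object.entries(fields)
    .map(([name, value]) => `<p>${htmlEncode(name)}: ${htmlEncode(value)}</p>`)
    .join("\n");
  return `<html><body>\n${rows}\n</body></html>`;
}

// Regression check: was submitted markup returned verbatim in the response?
function reflectsRawMarkup(html, submitted) {
  return /[<>"']/.test(submitted) && html.includes(submitted);
}

// Constructed sample submission (not the string from the original page).
const sample = {
  fname: "<script>alert(1)</script>",
  lname: 'O"Brien & Sons',
};

for (const [label, render] of [["unencoded", renderEcho], ["encoded", renderEchoEncoded]]) {
  const html = render(sample);
  const reflected = Object.values(sample).some((v) => reflectsRawMarkup(html, v));
  console.log(`${label}: raw markup reflected = ${reflected}`);
}
```

Encoding on output keeps legitimate input such as names containing quotes or ampersands displayable, which rejecting characters on input would not.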

More information on cross-site scripting attacks can be found at:

http://www.cert.org/advisories/CA-2000-02.html

Solution: Always remove sample applications from production servers.
In this case, remove the entire /iissamples folder.
Threat Level: Low


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
