What are a couple of ways a malicious hacker could craft an xmlhttprequest object to try and "post" asp code to an asp page?
Sub Story() 'I love a little VB humor every now and again, lol
For example, let's take an AJAX app. A bored hacker surfs his way to my page that has an AJAX app. The hacker first clears the temporary internet files on his computer and then refreshes the page so that only the files from MY website are there for him/her to inspect. "Ah, this looks like an interesting .js file. hmmm..." and therein lies the xmlhttprequest object making a call to an asp page on my server.
End Sub
So, can ya help me further understand defending this type of attack? Because, by that rationale, every single asp page that exists should have a defense script built in. It may not be as vulnerable as I am thinking. So, if someone could share some of the light, it is pretty dark over here. :eek:
01-28-2013, 04:14 PM
If you validate all incoming requests, you'll be OK.
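What "validate all incoming requests" can look like on the ASP page that the xmlhttprequest calls, as an added example that is not part of the original thread. The field names `itemId` and `comment`, the size limits and the response text are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Hypothetical endpoint called by the page's xmlhttprequest.
' Anyone can send this request by hand, so every check runs server-side.

Sub Reject(status, msg)
    Response.Status = status
    Response.ContentType = "text/plain"
    Response.Write msg
    Response.End
End Sub

Function Matches(value, pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    Matches = re.Test(value)
End Function

Dim itemId, comment

' 1. Accept only the HTTP method the app actually uses.
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Reject "405 Method Not Allowed", "POST only"
End If

' 2. Bound the body size before reading any field (assumed limit).
If Request.TotalBytes > 4096 Then
    Reject "413 Request Entity Too Large", "body too large"
End If

' 3. Allowlist each expected field: type, length, character set.
'    & "" turns a missing field into an empty string.
itemId = Request.Form("itemId") & ""
comment = Trim(Request.Form("comment") & "")

If Not Matches(itemId, "^[0-9]{1,9}$") Then
    Reject "400 Bad Request", "invalid itemId"
End If
If Len(comment) = 0 Or Len(comment) > 500 Then
    Reject "400 Bad Request", "invalid comment length"
End If

' 4. Posted text stays data: it is never passed to Execute/Eval,
'    never written to a .asp file, and is HTML-encoded on output.
Response.ContentType = "text/plain"
Response.Write "Saved comment for item " & CLng(itemId) & ": " & Server.HTMLEncode(comment)
%>
```

Headers such as Referer or X-Requested-With are set by the client and can be forged, so they are not used as a check here. If the values go on to a database, pass them as ADODB.Command parameters rather than concatenating them into SQL.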