www.webdeveloper.com
Results 1 to 2 of 2

Thread: ASP Security

  1. #1
    Join Date
    Sep 2011
    Posts
    64

    ASP Security

    Hello all,

    What are a couple of ways a malicous hacker could craft a xmlhttprequest object to try and "post" asp code to an asp page?

    Sub Story() 'I love a little VB humor evey now and again, lol
    For example, lets take an AJAX app. A bored hacker surfs his way to my page that has an AJAX app. The hacker first, clears the temporary internet files on his computer and then refreshes the page so that only the files from MY website are there for he/she to inspect. "Ah, this looks like an interesting .js file. hmmm..." and therein lies the xmlhttprequest object making a call to an asp page on my server.
    End Sub

    Ok, so really that is all they need, right?! Now, a skilled person who understands javascript, vbscript, asp, the http protocol and the Windows OS, can begin crafting and very "crafty" javascript file to try and hack my server, right?

    So, can ya help me further understand defending this type of attack. Because, by that rationale, every single asp page that exists should have a defense script built in. It may not be as vulnerable as I am thinking. So, if someone could share some of the light, it is pretty dark over here.

    Thanks!!

  2. #2
    Join Date
    Jan 2008
    Location
    Florida
    Posts
    1,227
    If you validate all incoming requests you'll be OK

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles