Welcome to weblogs.com.pk Sign in | Join | Help

Protect your web-applications from ASP.NET vulnerability

ASP.NET has a vulnerability exploiting which one can bypass the Asp.Net authentication features. To protect your site use the following code in your Global.asax.cs

 

void Application_BeginRequest(object source, EventArgs e)

{

if (   Request.Path.IndexOf('\\') >= 0 ||

System.IO.Path.GetFullPath(Request.PhysicalPath) !=

Request.PhysicalPath)

{

throw new HttpException(404, "Not Found");

}

}

Published Thursday, October 7, 2004 12:09 AM by khurram

Comments

No Comments

New Comments to this post are disabled