Welcome to weblogs.com.pk Sign in | Join | Help

Protect your web-applications from ASP.NET vulnerability

ASP.NET has a vulnerability exploiting which one can bypass the Asp.Net authentication features. To protect your site use the following code in your Global.asax.cs


void Application_BeginRequest(object source, EventArgs e)


if (   Request.Path.IndexOf('\\') >= 0 ||

System.IO.Path.GetFullPath(Request.PhysicalPath) !=



throw new HttpException(404, "Not Found");



Published Thursday, October 7, 2004 12:09 AM by khurram


No Comments

New Comments to this post are disabled