jetlib.sec » Bugtraq » Microsoft Anti-XSS Library Bypass (MS12-007)

Feeds

132963 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• January 19, 2012
• 

  Microsoft Anti-XSS Library Bypass (MS12-007)

  Posted: January 19th, 2012, 7:15am PST

  Tags:   

  Posted by adic on Jan 19

  Introduction
  -------------
  Microsoft Anti-XSS Library is used to protect applications from Cross-Site Scripting attacks, by providing methods for
  input sanitization.
  
  Vulnerability
  -------------
  Microsoft Anti-XSS Library 3.0 and 4.0 are vulnerable to an attack in which an attacker is able to create a specially
  formed CSS, that after passing through the GetSafeHTML or GetSafeHtmlFragment methods, contains an expression that
  triggers a...