Udostępnij za pośrednictwem


Catch the security flaw #1

I will be from time to time, putting up flawed code as an open question on this blog. Those who can catch the flaw please do post about it in the comments section (preferably with the repro steps). After a few days, I will post the flaw and its countermeasure.

Here is the first one:-

Comments

  • Anonymous
    January 23, 2008
    The comment has been removed

  • Anonymous
    January 23, 2008
    Dunno if its a security flaw, but that is not a valid ASPX comment!

  • Anonymous
    January 23, 2008
    The ValidateRequest attribute should be set to true to prevent script injection attacks.

  • Anonymous
    February 02, 2008
    ValidateRequest=false.....:)