Null Byte Injection in ASP.NET 4.7

tsakumar...

SOLVED CLOSED ACTIVE ANSWERED
User: tsakumar81
Posted: 21 hours ago
Forum: ASP.Net Web Forms
Replies: 1
Views: 68

I enabled <customErrors> section of the web.config file in ASP.NET application.

code: <customErrors mode="On" defaultRedirect="~/Errors/Error.aspx">

DAST scan reports the below Null Byte Injection vulnerability, kindly advise on the fix.

Unusual behavior by null characters injection can introduce vulnerabilities within the system or application scope. Attacker can manipulate a request to execute or read a system file.

Download FREE API for Word, Excel and PDF in ASP.Net

Mudassar

0 1

Reply
User: Mudassar
Replied: 20 hours ago
Report

Custom Error mode will not save from any attacks. may I know how the data is inserted?

Is it from URL or Form? And do you add check for NULL before inserting?

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

Description

Description is required.

Null Byte Injection in ASP.NET 4.7

Company

Explore

Follow us

Contact Us