XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.
There are many different attacks that can be leveraged through the use of XSS, including:
Hi-jacking users' active session
Changing the look of the page within the victims browser.
Mounting a successful phishing attack.
Intercept data and perform man-in-the-middle attacks.
Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Bing "Likes" Facebook - Discover Bing</title>
<li><a href="/Activities/MakeLocalPlans" >Make Local Plans<small>Plan a night out.</small></a></li>
<li><a href="/Activities/BePrepared" >Start Your Day<small>Be prepared.</small></a></li>
<li><a href="/Activities/BeHealthy" >Be Healthy<small>Know more. Feel better.</small></a></li>
<li><a href="/Activities/FindFlights" >Plan a Beach Holiday<small>Find flight deals.</small></a></li>
<li><a href="/Activities/SocialSearch" class = active>Bing "Likes" Facebook<small>Social Search</small></a></li>
</div> <div class="right">
<div class="white-box"> <img alt="" class="greyborder" src="http://az10143.vo.msecnd.net/sitecore/dbing/media/Images/socialsearch/module1.jpg" /> <h3>Facebook profile search</h3><p>Find old friends or discover new ones through Facebook Profile Search on Bing. When you search for people ..
Netsparker identified that the target web server is disclosing ASP.NET version in the HTTP response. This information can help an attacker to develop further attacks and also the system can become an easier target for automated attacks. It was leaked from X-AspNet-Version banner of HTTP response or default ASP.NET error page.
An attacker can use disclosed information to harvest specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with the other vulnerabilities in the application or web server.
Apply the following changes on your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.
Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.
An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.