FIX: Embedded Null Characters May Bypass Request Script Validation

Article translations Article translations
Article ID: 821349 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SYMPTOMS

Embedded null characters in some postions in a URL may not be detected as tags and may bypass the request script validation functionality.

CAUSE

This problem occurs because during parsing, the ASPNET scripting tag detection mechanism looks for an angle bracket ("<") that is followed by a letter or by an exclamation point ("!"). When the tag detection mechanism finds a null character instead, the script does not see the angle bracket ("<") as a tag.

To reproduce this problem, follow these steps:
  1. Create a simple Web page, and name it echo.aspx.
  2. Add the following code to echo.aspx:
    <%
    	Response.Write(Request.QueryString("stringtext"))
    %>
  3. Request the page by using an embedded null character after the opening. For example, go to the following URL:
    http://localhost/echo.aspx?stringtext=<%00script>alert('Hello');</script>
    The request will render script or active content. The expected result is a request validation error or inert content.

RESOLUTION

How to Obtain the Hotfix

This issue is fixed in the June 2003 ASP.NET Hotfix Package 1.1. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
821156 INFO: ASP.NET 1.1 June 2003 Hotfix Rollup Package
You cannot obtain this fix individually. You must install the rollup.

Note When you request this hotfix, you receive the rollup. The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
	           Date         Time   Version       Size       File name
		   -----------------------------------------------------------------------
		   07-Jun-2003  00:44  1.1.4322.910    253,952  Aspnet_isapi.dll
		   07-Jun-2003  00:44  1.1.4322.910     20,480  Aspnet_regiis.exe
		   07-Jun-2003  00:44  1.1.4322.910     32,768  Aspnet_wp.exe
		   15-May-2003  23:49                   33,522  Installpersistsqlstate.sql
		   15-May-2003  23:49                   34,150  Installsqlstate.sql
		   07-Jun-2003  12:52  1.1.4322.910  1,216,512  System.dll
		   07-Jun-2003  00:39                   14,472  Webuivalidation.js
		   07-Jun-2003  12:52  1.1.4322.910  1,249,280  System.Web.dll

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Properties

Article ID: 821349 - Last Review: February 27, 2014 - Revision: 2.3
APPLIES TO
  • Microsoft Visual Studio .NET 2003 Enterprise Architect
  • Microsoft Visual Studio .NET 2003 Enterprise Developer
  • Microsoft Visual Studio .NET 2003 Professional Edition
  • Microsoft ASP.NET 1.1
Keywords: 
kbnosurvey kbarchive kbhotfixserver kbqfe kbnetframe100presp3fix kbfix kbhttp kbqfe kbbug KB821349

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com