X-XSS-Protection: 1; mode block not working against reflected XSS

In an ASP.NET application, the Microsoft Report Viewer response/request is vulnerable

like ApplicationName/Reserved.ReportViewerWebControl.axd?ReportSession=ok5gmqqbjz2pn5isiqacf045&ControlID=ea0a9e89e25e44d78f4a5851d4cfdbeb&Culture=1033&UICulture=1033&ReportStack=1&OpType=SessionKeepAlive&TimerMethod=KeepAliveMethodcntPlcHolder_ReportViewer1TouchSession038999%3balert(1)%2f%2f705&CacheSeed=Mon%20Apr%2009%202018%2014%3A06%3A40%20GMT%2B0530%20(IST)

Check the 38999%3balert(1)%2f%2f705 string after TouchSession0, which causes a reflected XSS attack. Does anyone know a solution for this?

  • What are you asking here? I don't understand what the question is. – Anders 1 hour ago
  • Just showing the given example of a reflected XSS attack; do you know how to prevent it? – vishal9796 1 hour ago
  • There seems to be an implementation of Apache's mod_security for IIS; check this announcement link: blogs.technet.microsoft.com/srd/2012/07/26/… – bradbury9 1 hour ago
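
One server-side check for the parameter shown in the question, as an added example that is not part of the original post or of the Report Viewer control: an ASP.NET `IHttpModule` that rejects requests to the Report Viewer handler when `TimerMethod` is not a plain identifier. The class name `ReportViewerParamGuard` and the assumption that legitimate `TimerMethod` values contain only letters, digits and underscores are illustrative.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Added example: allow-list validation of the TimerMethod query parameter
// on Reserved.ReportViewerWebControl.axd requests.
public sealed class ReportViewerParamGuard : IHttpModule
{
    // Assumption: a legitimate TimerMethod is a script function name made only of
    // letters, digits and underscores, like the unmodified part of the URL above.
    private static readonly Regex Identifier =
        new Regex(@"\A[A-Za-z_][A-Za-z0-9_]{0,255}\z", RegexOptions.CultureInvariant);

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string path = ctx.Request.Path;
        if (!path.EndsWith("/Reserved.ReportViewerWebControl.axd",
                           StringComparison.OrdinalIgnoreCase))
            return;

        // QueryString values are already URL-decoded, so %3b arrives as ';'.
        // GetValues also covers a TimerMethod parameter that is sent more than once.
        string[] values = ctx.Request.QueryString.GetValues("TimerMethod");
        if (values == null) return;

        foreach (string v in values)
        {
            if (!Identifier.IsMatch(v))
            {
                // Refuse the request before the handler can reflect the value.
                ctx.Response.StatusCode = 400;
                ctx.Response.SuppressContent = true;
                ctx.ApplicationInstance.CompleteRequest();
                return;
            }
        }
    }

    public void Dispose() { }
}
```

The module takes effect once it is registered under `system.webServer/modules` in web.config. With the URL from the question, the decoded value contains `;`, `(` and `/`, so the request is answered with 400.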
