This page presents a few common examples of vulnerable Classic ASP and ASP.NET code that Syhunt can detect, and describes the ASP scanning capabilities available in the product.
Intelligent ASP Scanning
False Positive Examples
Syhunt comes with an advanced engine that avoids triggering false positive results. For example, the following code will not be reported as vulnerable:
<%@ Page Language="C#"%>
<%
// This was a XSS vulnerability. I commented it out
// Response.Write(Request.QueryString["name"]);
/* Response.Write(Request.QueryString["name"]); */
%>
The code above is no longer vulnerable, because the offending statement has been commented out. Syhunt's scan results for this example consequently report no flaws:
No vulnerabilities found.
XSS
See: Cross-Site Scripting (XSS)
Examples
These are very basic XSS examples.
ASP.NET/Classic ASP
<%
Response.Write(Request.Form["name"]);
Response.Write(Request.QueryString["name"]);
%>
Syhunt scan results for this example code:
Found: 3 vulnerabilities
In /xss.aspx (source code, locally), on line 2: Possible XSS Vulnerability
In /xss.aspx (source code, locally), on line 3: Possible XSS Vulnerability
ASP.NET
<%@ Page Language="C#"%>
<script runat="server">
void SubmitBtn_Click(object sender, EventArgs e) {
Response.Write(InputText.Text);
}
</script>
<html>
<body>
<form id="form1" runat="server">
<asp:TextBox ID="InputText" Runat="server" TextMode="MultiLine" Width="300px" Height="150px">
</asp:TextBox>
<asp:Button ID="SubmitBtn" Runat="server" Text="Submit" OnClick="SubmitBtn_Click"/>
</form>
</body>
</html>
Syhunt scan results for this example code:
Found: 1 vulnerability
In /xss_runatsrv.aspx (source code, locally), on line 4: Possible XSS Vulnerability
File Inclusion Detection
See: File Inclusion
Example
<%
Server.Execute(Request.QueryString["file"]);
%>
Syhunt scan results for this example code:
Found: 1 vulnerability
In /fi_basic.aspx (source code, locally), on line 2: Possible File Inclusion Vulnerability
SQL Injection Detection
See: SQL Injection
Example
<%@Page Language="C#"%>
<%@ Import NameSpace="System.Data" %>
<%@ Import NameSpace="System.Data.SqlClient" %>
<%
// Dynamic SQL
SqlDataAdapter myCommand = new SqlDataAdapter("SELECT au_lname, au_fname FROM authors WHERE au_id = '" + Request.QueryString["SSN"] + "'", myConnection);
// Stored Procedure
SqlDataAdapter myCommand2 = new SqlDataAdapter("LoginStoredProcedure '" + Request.QueryString["SSN"] + "'", myConnection);
%>
Syhunt scan results for this example code:
Found: 1 vulnerability
In /sqli_ms.aspx (source code, locally), on lines 6,8: Possible SQL Injection Vulnerability
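As an added illustration (not Syhunt's own code, whose engine is closed), the following Python models the comment-aware source-to-sink check that the examples on this page exercise: it blanks out // and /* */ comments while preserving line numbers, then reports a sink (Response.Write, Server.Execute, new SqlDataAdapter) on any remaining line that also carries request input. The source and sink patterns and the embedded inputs are assumptions drawn from this page's snippets; a real scanner additionally tracks data flow across statements.

```python
import re

# Assumed taint sources and sinks, modelled on this page's examples (within-line matching only).
SOURCE = re.compile(r'Request\.(?:QueryString|Form|Params)\[|\b\w+\.Text\b')
SINKS = {
    "XSS": re.compile(r'Response\.Write\s*\('),
    "File Inclusion": re.compile(r'Server\.Execute\s*\('),
    "SQL Injection": re.compile(r'new\s+Sql(?:DataAdapter|Command)\s*\('),
}

def strip_comments(src: str) -> str:
    """Blank out // and /* */ comments but keep every newline; string literals (e.g. "http://") are copied as-is."""
    out, i, n = [], 0, len(src)
    while i < n:
        if src[i] == '"':
            j = i + 1
            while j < n and src[j] != '"':
                j += 2 if src[j] == '\\' else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith('//', i):
            j = src.find('\n', i)
            i = n if j == -1 else j
        elif src.startswith('/*', i):
            j = src.find('*/', i + 2)
            j = n if j == -1 else j + 2
            out.append('\n' * src.count('\n', i, j))
            i = j
        else:
            out.append(src[i])
            i += 1
    return ''.join(out)

def scan(src: str) -> list[tuple[int, str]]:
    """Report (line, finding) wherever a sink and a tainted source share one live (uncommented) line."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), start=1):
        if SOURCE.search(line):
            for name, sink in SINKS.items():
                if sink.search(line):
                    findings.append((lineno, f"Possible {name} Vulnerability"))
    return findings

# Constructed input mirroring this page's false-positive example; scan() returns [] for it.
COMMENTED_OUT = '''<%@ Page Language="C#"%>
<%
// This was a XSS vulnerability. I commented it out
// Response.Write(Request.QueryString["name"]);
/* Response.Write(Request.QueryString["name"]); */
%>'''
```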
Additional Vulnerability Classes & Variants
While Syhunt includes checks for many vulnerability variants, this page does not cover them all. In addition to the vulnerability classes covered here, Syhunt detects HTTP Response Splitting, remote command execution and arbitrary file manipulation issues.