Microsoft ASP.NET ValidatePath Module
- 1 minuto de lecturaMicrosoft has released an ASP.NET HTTP module that webmasters can apply to their web server. This module will protect all ASP.NET applications against all potential canonicalization issues known to Microsoft.
Highly recommended to avoid the problems of the vulnerability associated with canonicalization!!!
Another solution for this vulnerability is to add the following code to global.asax:
void Application_BeginRequest(object source, EventArgs e)
{
if (Request.Path.IndexOf('\\') >= 0
System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
{
throw new HttpException(404, "not found");
}
}