none
AppScan reports SQL Injection vulnerability with ScriptResource.axd RRS feed

  • Question

  • IBM security scanning AppScan tool reports SQL injection because of the "t" parameter to the ScriptResource.axd. Is there a justification from Microsoft that ScriptResource does not perform any SQL call?

    Alternatively, is there a way to disable ScriptResource.axd completely?

    • Moved by Damon Bu - MSFT Sunday, September 1, 2013 11:19 PM
    • Moved by Elvis Long Monday, September 2, 2013 6:39 AM correct forum
    Sunday, September 1, 2013 5:51 PM

Answers

  • Hi erovich,

    Welcome to MSDN forums.

    This forum is to discuss the issue of .NET Framework Class Libraries. Your question is not related the topic of this forum.

    In my Opinion, the thread is more related to the ASP.NET forum where you can contact ASP.NET experts.

    To solve it ASAP, I would suggest you post it in the ASP.NET forum for more efficient responses.

    ASP.NET forum: http://forums.asp.net

    Thanks for your understanding.

    Regards,

    Damon


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.


    Monday, September 2, 2013 1:01 PM