1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

ASP VBScript Code Injection

Variants:
Direct Persistent Session 

Also Known As:
ASP Remote Dynamic Code Evaluation

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP Classic

Target Type:
Web Application

Affected Mechanisms:
Input Validation. Syntax Escaping

Invented In:
12/06/2011

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs can affect the structure of server-side classic ASP VBScript Syntax code which is generated dynamically


Direct Variant:

ASP VBS Injection

Also Known As:
ASP Remote Dynamic Code Evaluation

Typical Severity:
Critical

Resources:

OWASP Attacks

Other I

White Papers:

Learn More:


Persistent Variant:

Stored ASP VBS Injection

Also Known As:
Persistent ASP VBS Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

ASP VBS Injection via Session Puzzling

Also Known As:
Session ASP VBS Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:




TECAPI ©

Join