Hi,
We are facing a vulnerability (Missing XML Validation) in the Ajaxtoolkit form (Animation.cs): the input source is not being validated properly, which was identified by the HPFortify tool.
We are using version 3.5.60501.0.
Has any new version come out that overcomes this issue?
If not, could you please give me a solution for this?
The code below is for your reference.
private static int GetNumber(string source, string tag)
{
    using (XmlTextReader reader = new XmlTextReader(new StringReader(source)))
    {
        if (reader.Read())
        {
            while (reader.Read())
            {
                if (string.Compare(reader.Name, tag, StringComparison.OrdinalIgnoreCase) == 0)
                    return reader.LineNumber;
                if (reader.NodeType == XmlNodeType.Element && !reader.IsEmptyElement)
                    reader.Skip();
            }
        }
    }
    return 1;
}
HP Fortify Error Description:
The method GetNumber() in Animation.cs fails to enable validation before using XML on line 238, which gives an attacker the opportunity to supply malicious input.
Appreciate your help!
Thanks,
Jeyachandran S
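
One way to address the finding, as an added example that is not part of the original post or the AjaxControlToolkit source: create the reader through XmlReader.Create with DTDs prohibited, no resolver, and XSD validation enabled. The class name AnimationXml and the schemas parameter are hypothetical, and DtdProcessing assumes .NET 4.0 or later.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Schema;

internal static class AnimationXml // hypothetical container class
{
    // Hardened variant of GetNumber(). 'schemas' is an assumed parameter: the
    // XSD set describing the animation markup the application accepts.
    public static int GetNumber(string source, string tag, XmlSchemaSet schemas)
    {
        var settings = new XmlReaderSettings
        {
            // XmlTextReader parses DTDs by default; reject them outright.
            // DtdProcessing needs .NET 4.0+; on 3.5 set ProhibitDtd = true.
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null, // never resolve external entities or schemas
            ValidationType = ValidationType.Schema,
            Schemas = schemas
        };
        // Without this flag, a root element that matches no loaded schema
        // raises only a suppressed warning and the document passes unchecked.
        settings.ValidationFlags |= XmlSchemaValidationFlags.ReportValidationWarnings;
        // Treat warnings and errors alike as a hard failure.
        settings.ValidationEventHandler += (sender, e) =>
        {
            throw new XmlSchemaException(e.Message, e.Exception);
        };

        int? line = null;
        using (XmlReader reader = XmlReader.Create(new StringReader(source), settings))
        {
            var info = reader as IXmlLineInfo;
            // Read() every node instead of Skip(), so the whole document
            // passes through the validator before a result is returned.
            while (reader.Read())
            {
                if (line == null && info != null && info.HasLineInfo()
                    && reader.NodeType == XmlNodeType.Element && reader.Depth == 1
                    && string.Equals(reader.Name, tag, StringComparison.OrdinalIgnoreCase))
                {
                    line = info.LineNumber; // first matching direct child of the root
                }
            }
        }
        return line ?? 1; // same default as the original when the tag is absent
    }
}
```

A DOCTYPE in the input raises XmlException and a schema violation raises XmlSchemaException, so callers should catch both and treat the markup as rejected.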