As part of our company’s security test they have asked us to
find out the following:
Issue:
Our client exposed site is requesting Webresource.axd file with paramaters d and t as part of the web request but when the value of t parameter is modified as part of a penetration test it seems to comeback with an OK(200) responds instead of a custom error from our site.
Question:
Are you guys processing the t paramater as part of the GET request to Webrescource.axd? If you are, what do you expect to have in that t parameter as part of your processing (ex t is a timestamp or t is a number)?
Issue:
Our client exposed site is requesting Webresource.axd file with paramaters d and t as part of the web request but when the value of t parameter is modified as part of a penetration test it seems to comeback with an OK(200) responds instead of a custom error from our site.
Question:
Are you guys processing the t paramater as part of the GET request to Webrescource.axd? If you are, what do you expect to have in that t parameter as part of your processing (ex t is a timestamp or t is a number)?