Input returned in response (reflected) asp.net vulnerablility

Question

I have a web application running on asp.net webforms on framework 4.0. A third party company performed a security assessment and identified couple of vulnerabilities, one of which says.

S.No.3: Input returned in response (reflected)
Risk: Medium
Description: Reflection of input arises when data is copied from a request and echoed into the application's immediate response.

As POC they have shared below image in which input value is highlighted in yellow I searched the internet but i am not able to understand about what to do with this. How can i resolve this vulnerability. What is the solution for this.

You should use [HtmlAttributeEncode](https://stackoverflow.com/a/2463278/1115360) when setting the value of an HTML tag's attribute. More info: [Do I encode ampersands in ?](https://stackoverflow.com/a/3705601/1115360) — Andrew Morton, Sep 11 '19 at 13:18

score 0 · Answer 1 · answered Apr 06 '22 at 06:21

0

You should use ModelState.Clear(); on serverside so that your input will not get reflected in the response. For additional info about ModelState.Clear() Refer

answered Apr 06 '22 at 06:21

Ajay Chauhan

1

Input returned in response (reflected) asp.net vulnerablility

1 Answers1