asp.net web-config

How to mitigate an HTTP Parameter Pollution vulnerability in the ASP.NET Web Forms application for the IA404error.aspx


We ran a security scan for our application, which is ASP.NET Web Forms, and received the following report:

Proof: The parameter 'aspxerrorpath' has been injected a second time and the value 'was-tnb-wgbTfJMb' is present in the 'href' attribute of 'a' tag

Output: The scanner was able to detect a possible Client-Side HTTP Parameter Pollution

This is how IA404error.aspx is referenced in the Web.config:

<customErrors mode="RemoteOnly" defaultRedirect="generalerror.aspx">
  <error statusCode="404" redirect="IA404error.aspx" /> 
</customErrors>

The codebehind for the IA404error page is the following:

public partial class IA404error : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
}

How can we mitigate this vulnerability?


Solution

  • Here is the solution that worked for us:

        protected void Page_Load(object sender, EventArgs e)
        {
            // Any repeated query-string parameter: redirect to the error page with no query string.
            if (Request != null && Request.QueryString != null &&
                drms_utilities.DoesQueryStringHaveSameParameters(Request.QueryString))
            {
                Response.Redirect("IA404error.aspx");
            }
        }

        ................

        // Helper in drms_utilities; NameValueCollection is in System.Collections.Specialized.
        // Returns true if any parameter name appears more than once.
        public static bool DoesQueryStringHaveSameParameters(NameValueCollection parametersCollection)
        {
            foreach (string parameter in parametersCollection)
            {
                int times = parametersCollection.GetValues(parameter).Length;
                if (times > 1)
                {
                    return true;
                }
            }
            return false;
        }
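
An added example, not part of the original answer: a standalone console version of the same duplicate check that also reports which parameter names repeat, run over constructed query strings. The class name QueryStringChecks, the method FindRepeatedParameters and the sample values are assumptions; HttpUtility.ParseQueryString needs a reference to System.Web on .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Web;

public static class QueryStringChecks
{
    // Hypothetical helper: returns the names of parameters that occur more than once.
    public static List<string> FindRepeatedParameters(NameValueCollection query)
    {
        var repeated = new List<string>();
        if (query == null) return repeated;

        // AllKeys can contain null: a pair with no '=' (e.g. "?flag") has no name.
        foreach (string name in query.AllKeys)
        {
            string[] values = query.GetValues(name);
            if (values != null && values.Length > 1)
                repeated.Add(name ?? "(no name)");
        }
        return repeated;
    }

    public static void Main()
    {
        // Constructed sample query strings, not taken from the scan report.
        string[] samples =
        {
            "aspxerrorpath=/missing.aspx",
            "aspxerrorpath=/missing.aspx&aspxerrorpath=constructed-value",
            // Names are URL-decoded before they are stored, so this is also a repeat.
            "aspxerrorpath=/missing.aspx&%61spxerrorpath=constructed-value",
        };

        foreach (string raw in samples)
        {
            NameValueCollection query = HttpUtility.ParseQueryString(raw);
            List<string> repeated = FindRepeatedParameters(query);

            // The indexer joins repeated values with commas; that joined string is
            // what page code sees when it reads the parameter directly.
            Console.WriteLine(raw);
            Console.WriteLine("  indexer value : {0}", query["aspxerrorpath"]);
            Console.WriteLine("  repeated names: {0}",
                repeated.Count == 0 ? "none" : string.Join(", ", repeated));
        }
    }
}
```

Returning the repeated names rather than a bool lets the page log which parameter was duplicated before it redirects.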