cyphersec A blog about Web Application Security and .NET development best practices

29Apr/090

ASP.NET Hack: Open a page in a new browser tab using Response.Redirect and JavaScript

StringBuilder javascriptInjector = new StringBuilder();
javascriptInjector.Append("<script language='javascript'>");
javascriptInjector.Append("window.open('");
javascriptInjector.Append("~/Folder/Page.aspx?QueryStringValue=Value");
javascriptInjector.Append("');");
javascriptInjector.Append("</script>");

string vPath = javascriptInjector.ToString().Replace("~", Request.ServerVariables["PATH_INFO"]);
Response.Write(javascriptInjector);

About Alessio Marziali

Alessio Marziali (MCTS) is a Security Consultant with 9 years of experience developing secure applications with Microsoft .NET in a variety of sectors in UK and Italy. Published technical author with two ASP.NET books currently available for purchase and OWASP Code Crawler Project Leader.
Filed under: .NET, Hacking, Pro ASP.NET Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment


CAPTCHA image

No trackbacks yet.

« OWASP CC 2.4 (new screenshots) Hackers for Charity, I’m in! »

who$

Stories about a developer living in the security world.

get in touch$

I'm on twitter. alessiomarziali and Linkedin.

recent-stories$

archive$list

tags$show