C Sharp Stack Trace Written To Response
Description
Detects when exception details or stack traces are written directly to HTTP responses in C# applications. Exposing detailed error information to users can reveal sensitive technical details about the application's implementation, framework versions, and internal paths that could be leveraged by attackers to plan more targeted attacks.
Detection Strategy
• Check for calls to Response.Write, Response.WriteLine, Response.WriteAsync, or Response.WriteLineAsync methods
• Analyze the arguments passed to these response writing methods
• Verify if any of the arguments contain exception objects or stack trace information
• Flag cases where exception details are being directly written to the response output
Vulnerable code example

```csharp
using System;
using System.Web.UI;

public class VulnerablePage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        try ...
```

✅ Secure code example
```csharp
using System;
using System.Web.UI;
using System.Diagnostics;

public class SecurePage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        ...
```
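A complete form of the secure pattern, added here as an example and not taken from the page (SafeErrorPage and LoadReport are hypothetical names): the catch block sends the full exception, stack trace included, to System.Diagnostics.Trace so it stays on the server, and the client receives only a generic message with an opaque reference that an operator can match against the server log.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example, not the page's own code. Compare with the vulnerable form
// `catch (Exception ex) { Response.Write(ex.ToString()); }`, which leaks type,
// message and stack trace to the client.
public class SafeErrorPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            LoadReport(Request.QueryString["id"]); // hypothetical logic that may throw
        }
        catch (Exception ex)
        {
            // Opaque reference the user can quote to support; it carries no detail itself.
            string correlationId = Guid.NewGuid().ToString("N");

            // Server side only. Fully qualified on purpose: inside a Page subclass the bare
            // name `Trace` resolves to Page.Trace (ASP.NET TraceContext), not System.Diagnostics.
            System.Diagnostics.Trace.TraceError(
                "correlationId={0} type={1} message={2}{3}{4}",
                correlationId, ex.GetType().FullName, ex.Message,
                Environment.NewLine, ex.ToString());

            // Client side: fixed text plus the reference. No exception member is written.
            Response.Clear();
            Response.StatusCode = 500;
            Response.TrySkipIisCustomErrors = true;
            Response.ContentType = "text/plain";
            Response.Write("An error occurred. Reference: " + correlationId);
            Context.ApplicationInstance.CompleteRequest();
        }
    }

    // Hypothetical stand-in for application code that can fail.
    private void LoadReport(string id)
    {
        if (string.IsNullOrEmpty(id))
            throw new ArgumentException("report id is required");
    }
}
```

The detection strategy above would still match the `Response.Write` call here, so a reviewer confirms that its argument contains no exception object or member; a rule that resolves argument types can suppress the finding automatically.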