I'm working on a legacy system that we just scanned with HP Fortify, and we got a JavaScript Hijacking: Vulnerable Framework finding for the code below.

    function getMissionOverwriteDocsDataCountComponent(siteNo, fcg, catCode, facNo, assetUid, compNo) {
        // Make the Ajax call
        $.ajax({
            url: 'MissionOverwriteAj.aspx',
            data: {
                reqType: 'getMissionOverwriteDocsCountComponent',
                siteNo: siteNo,
                fcg: fcg,
                catCode: catCode,
                facNo: facNo,
                assetUid: assetUid,
                compNo: compNo
            },
            dataType: "text",
            cache: false,
            async: false,
            error: errorFunc,
            success: function(response){
                //alert(response);
                attCount = response;
            }
        });
    }

This calls the ASPX page in VB:

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim reqType As String = Request.Params("reqType")
        userID = Session(UserID).ToString()
        orgID = Session(OrgID).ToString()
        facility = New Facility(Request.Params("siteNo"),
                                Request.Params("facNo"),
                                Request.Params("fcg"),
                                Request.Params("catCode"),
                                Request.Params("assetUid"))
        ' Determine what type of call is being made.
        Select Case reqType