Dailydave mailing list archives
ASP.Net viewstate
From: "Kartikeya Puri" <kartikeya.puri () gmail com>
Date: Tue, 12 Sep 2006 13:20:44 +0400
Hi List, During a test I came across a new feature that was introduced inot one of our application Viewstate. Though it adds an overhead to the performance, it is adds a trivial level of security. As viewstate holds encoded version of data being posted along with other controls, it makes it tricky to change query variables. I have been able to decode viewstate using python decodestring, but only after I have changed URL encoded characters back to their decoded form. Also so far I had no luck in encoding my strings in viewstate while submitting the request. Let me draw the scenerio: request(something.aspx )-->put_somejunk_input()-->Post_request()--->intercept_request()-->grab_viewstate()-->decode_viewstate()-->Makechanges_viewstate()-->encode_viewstate()-->Post_newvars_with_new_viewstate() There are a few details which are to be taken care of, like contentlength *taken care of by livehttpheaders/viewstatedecoder*. Can soemone give me a pointer regarding the same? Thanks and Regards, Kartik -- Im not under d affluence of incohol as some tinkle peep.Im not half as thunk as u drink.I fool so feelish and da drunker i stand here da longer i get..
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ASP.Net viewstate Kartikeya Puri (Sep 12)
- Message not available
- Re: ASP.Net viewstate Kartikeya Puri (Sep 13)
- Message not available
- Re: ASP.Net viewstate dvorak (Sep 13)
- Message not available
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Jeremy Kelley (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)