Penetration Testing mailing list archives
Viewstatedecoder usage
From: Raja <raja1.it.consultant () gmail com>
Date: Wed, 11 Aug 2010 09:41:42 +0530
Hi, Does anybody know how to use Viewstatedecoder? I dont understand how to use viewstatedecoder output. For example: If i give below string as an input: /wEPDwUKLTM5MzgzMzAyMw9kFgICAQ9kFgQCCA8PZBYCHgdPbkNsaWNrBRdyZXR1cm4gVmFsaWRhdGVMb2dpbigpO2QCCg8WAh4Fc3R5bGUFC0RJU1BMQVk6Jyc7ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKY2hrUmVtZWJlcsqpQglfgYd3pgCO3mYCpLrYijgN I got the following output: <?xml version="1.0" encoding="utf-16"?> <viewstate> <Pair> <Pair> <String>-393833023</String> <Pair> <ArrayList> <Int32>1</Int32> <Pair> <ArrayList> <Int32>8</Int32> <Pair> <Pair> <ArrayList> <IndexedString>OnClick</IndexedString> <String>return ValidateLogin();</String> </ArrayList> </Pair> </Pair> <Int32>10</Int32> <Pair> <ArrayList> <IndexedString>style</IndexedString> <String>DISPLAY:'';</String> </ArrayList> </Pair> </ArrayList> </Pair> </ArrayList> </Pair> </Pair> </Pair> </viewstate>What do i understand from this? how can this be used in Web Penetration testing?
Thanks, Raja ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Viewstatedecoder usage Raja (Aug 12)
- RE: Viewstatedecoder usage Chris Weber (Aug 13)