Dailydave mailing list archives
Re: [OFFLISTDailydave] ASP.Net viewstate
From: "Kartikeya Puri" <kartikeya.puri () gmail com>
Date: Wed, 13 Sep 2006 01:13:27 -0700
go to python prompt
from base64 import * s="YOUR-VIEWSTATE-STRING-AFTER-REPLACING-URL-ENCODED-PARAMETERS" decodestring(s)
I am sure there i a better way of doing it, but I am Python novice. May be someone can write a small script to replace url encoded chars (%2F,%2B,%3D) in the string automatically and then pass it to decodestring and a decent parser for decoded string. Regards, Kartik On 9/13/06, Nick Drage <nickd () metastasis org uk> wrote:
On Tue, Sep 12, 2006 at 01:20:44PM +0400, Kartikeya Puri wrote: > Hi List, > > During a test I came across a new feature that was introduced inot one of > our application Viewstate. Though it adds an overhead to the performance, it > is adds a trivial level of security. As viewstate holds encoded version of > data being posted along with other controls, it makes it tricky to change > query variables. I have been able to decode viewstate using python > decodestring, but only after I have changed URL encoded characters back to > their decoded form. Apologies for asking for help rather than offering it, but is the code available to do this? Unfortunately "learn python" is still firmly ensconced on my "to do" so its not something I'm currently capable of myself. Thank you. -- We are the Willing, led by the Unknowing, Are doing the Impossible, for the Ungrateful. We have done so much, for so long, with so little, We are now qualified to do anything with nothing.
-- Im not under d affluence of incohol as some tinkle peep.Im not half as thunk as u drink.I fool so feelish and da drunker i stand here da longer i get..
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ASP.Net viewstate Kartikeya Puri (Sep 12)
- Message not available
- Re: ASP.Net viewstate Kartikeya Puri (Sep 13)
- Message not available
- Re: ASP.Net viewstate dvorak (Sep 13)
- Message not available
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Jeremy Kelley (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)