Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Viewstatedecoder usage

From: Raja <raja1.it.consultant () gmail com>
Date: Wed, 11 Aug 2010 09:41:42 +0530
Hi,

Does anybody know how to use Viewstatedecoder?

I dont understand how to use viewstatedecoder output.

For example:

If i give below string as an input:
/wEPDwUKLTM5MzgzMzAyMw9kFgICAQ9kFgQCCA8PZBYCHgdPbkNsaWNrBRdyZXR1cm4gVmFsaWRhdGVMb2dpbigpO2QCCg8WAh4Fc3R5bGUFC0RJU1BMQVk6Jyc7ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKY2hrUmVtZWJlcsqpQglfgYd3pgCO3mYCpLrYijgN

I got the following output:

<?xml version="1.0" encoding="utf-16"?>
<viewstate>
<Pair>
<Pair>
<String>-393833023</String>
<Pair>
<ArrayList>
<Int32>1</Int32>
<Pair>
<ArrayList>
<Int32>8</Int32>
<Pair>
<Pair>
<ArrayList>
<IndexedString>OnClick</IndexedString>
<String>return ValidateLogin();</String>
</ArrayList>
</Pair>
</Pair>
<Int32>10</Int32>
<Pair>
<ArrayList>
<IndexedString>style</IndexedString>
<String>DISPLAY:'';</String>
</ArrayList>
</Pair>
</ArrayList>
</Pair>
</ArrayList>
</Pair>
</Pair>
</Pair>
</viewstate>
What do i understand from this? how can this be used in Web Penetration testing? 

Thanks,
Raja


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: