HACK STEPS
■ If you are attacking an ASP.NET application, verify whether the EnableViewStateMac option is activated. This is indicated by the presence of a 20-byte hash at the end of the ViewState structure, and you can use the decoder in Burp Proxy to confirm whether this is present.
■ Even if the ViewState is protected, decode the ViewState parameter on various different application pages to discover whether the application is using the ViewState to transmit any sensitive data via the client.
■ Try to modify the value of a specific parameter within the ViewState,
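The following is an added illustration, not code from the book, of why the EnableViewStateMac check above matters. It is a simplified model of the mechanism (a 20-byte HMAC-SHA1 appended to the serialized state), not ASP.NET's real serialization format or key derivation, and the key and state bytes are constructed.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed, simplified model of ViewState integrity protection.
# When the MAC is enabled, the serialized state is followed by a 20-byte
# HMAC-SHA1 tag; the trailing 20 bytes are what a decoder reveals.
MAC_LEN = 20  # HMAC-SHA1 digest size


def build_viewstate(serialized_state: bytes, key: bytes, enable_mac: bool) -> str:
    """Return the base64 ViewState; with the MAC on, append HMAC-SHA1(key, state)."""
    body = serialized_state
    if enable_mac:
        body += hmac.new(key, serialized_state, hashlib.sha1).digest()
    return base64.b64encode(body).decode("ascii")


def has_trailing_mac_length(viewstate_b64: str, serialized_state: bytes) -> bool:
    """Defender's sanity check: decoded length == state length + 20 bytes of tag."""
    return len(base64.b64decode(viewstate_b64)) == len(serialized_state) + MAC_LEN


def verify_viewstate(viewstate_b64: str, key: bytes, enable_mac: bool) -> Optional[bytes]:
    """Server-side check: return the state only if the trailing tag matches.
    With the MAC disabled every value is accepted unchecked, which is the weakness."""
    raw = base64.b64decode(viewstate_b64)
    if not enable_mac:
        return raw
    if len(raw) <= MAC_LEN:
        return None
    state, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, state, hashlib.sha1).digest()
    return state if hmac.compare_digest(tag, expected) else None


def modify_parameter(viewstate_b64: str, old: bytes, new: bytes) -> str:
    """Decode, replace one parameter value, re-encode (no key is needed to do this)."""
    raw = base64.b64decode(viewstate_b64)
    return base64.b64encode(raw.replace(old, new, 1)).decode("ascii")
```

With the MAC enabled, a modified parameter fails verify_viewstate and is rejected; with it disabled, the same modification is silently accepted by the server.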