ViewState XSS: What’s the Deal?

As penetration testers, we have to be familiar with many different technologies. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post, “ViewState XSS: What’s the Deal?” (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/), provides good insight into an attack vector used against ASP.Net’s View State functionality. The post demonstrates how an attacker or tester can test for cross-site scripting vulnerabilities by tampering with the view state parameter. As the post indicates, many factors go into this attack vector, and the information it provides can help determine whether the attack vector may be possible.

The full post can be found at: http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/
