As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post "ViewState XSS: What's the Deal?" provides good insight into an attack vector used against ASP.Net's View State functionality. The post demonstrates how an attacker/tester can test for cross-site scripting vulnerabilities by tampering with the view state parameter. As the post indicates, there are a lot of factors that go into this attack vector. The information provided can help determine if this attack vector may be possible.
Need your web applications tested for XSS and other vulnerabilities?
Our team tests for cross-site scripting, view state tampering, and the full range of web application security flaws. Reach out to discuss a security assessment.
Talk to Our Team
.png)