Re: [Dailydave] ASP.Net viewstate
From: Kartikeya Puri (kartikeya.puri gmail.com)
Date: Tue Sep 12 2006 - 14:24:36 CDT
Quoting from MSDN:
When the ASP.NET page framework creates a hash for view state data, it uses
a MAC key that is either auto-generated or specified in the Machine.config
file. If the key is auto-generated, it is created based on the MAC address
of the computer. The MAC address is the unique GUID value of the network
adapter in the computer.
So if I am in a LAN environment, it is possible for me to get the MAC on
which the auto-generated key is based. Now this is while assuming that the
key is auto-generated, which if I understand correctly is the default
(putting a long key in the Machine.config file is optional). Also, suppose
this is a LAN-based application where one can control what will be the
contents of the viewstate, i.e. the post variables can be controlled,
wouldn't it be possible to get the hash (which is SHA-1)? Just an idea ...
Regards,
Kartik
On 9/12/06, ET LoWNOISE <et grex.cyberspace.org> wrote:
>
> http://msdn2.microsoft.com/en-us/library/ms178199.aspx
>
>
>
_______________________________________________
Dailydave mailing list
Dailydave
lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
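The message above turns on the difference between a plain SHA-1 hash and a hash keyed with a server-side secret. The following is an added example, not part of the original post and not ASP.NET's own code: a simplified `state || HMAC-SHA1` blob protected with an explicitly generated key, showing what the server accepts and rejects. The blob layout, function names and sample state strings are assumptions made for illustration and are not the real view state format.

```python
import base64
import hashlib
import hmac
import secrets

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for SHA-1


def new_validation_key() -> bytes:
    """Random 64-byte key, the kind an operator sets explicitly in
    configuration instead of relying on an auto-generated one."""
    return secrets.token_bytes(64)


def protect(state: bytes, key: bytes) -> str:
    """Return base64(state || HMAC-SHA1(key, state)) (assumed layout)."""
    tag = hmac.new(key, state, hashlib.sha1).digest()
    return base64.b64encode(state + tag).decode("ascii")


def verify(blob: str, key: bytes):
    """Return the state bytes if the MAC checks out, otherwise None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < MAC_LEN:
        return None
    state, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(key, state, hashlib.sha1).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return state if hmac.compare_digest(tag, expected) else None


def unkeyed_blob(state: bytes) -> str:
    """What a client can compute alone: plain SHA-1 with no key."""
    digest = hashlib.sha1(state).digest()
    return base64.b64encode(state + digest).decode("ascii")


if __name__ == "__main__":
    key = new_validation_key()
    blob = protect(b"role=user;page=1", key)  # constructed sample state
    print("server-issued blob accepted:", verify(blob, key))
    print("client-computed SHA-1 blob:", verify(unkeyed_blob(b"role=admin;page=1"), key))
```

The integrity of the scheme rests entirely on the secrecy and entropy of the key, which is why a long random key set in configuration is preferable to one whose inputs might be observable.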