|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] ASP.Net viewstate
From: dvorak (dvorak
xs4all.nl)
Date: Tue Sep 12 2006 - 19:59:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Hi List,
>
<SNIP>
If I am not mistaken viewstate holds some kind of HMAC
like thingy inside, something like:
hash(data in viewstate || server_key). Which might make
changing the viewstate a bit harder, or impossible
depending on the actual implementation. You should be
able to see it in the (base64) decoded viewstate, binary
data probably 16/20/32 bytes in length.
hf.
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]