Question on Asp.Net ViewState


aditya

Feb 5, 2013, 7:28:24 AM2/5/13
to null-...@googlegroups.com
Hello Nulls,

The Web Application Hacker's Handbook, page 125, states that in ASP.Net the ViewState parameters are Base64 encoded, but I was unable to decode it as mentioned in the book, since there has to be a certain pattern to be used. Could anyone please guide me on decoding it to get the 

From the book 

__VIEWSTATE=%2FwEPDwULLTE1ODcxNjkwNjIPFgIeBXByaWNlBQMzOTlkZA%3D%3D&
quantity=1

The request apparently does not contain the product price — only the quantity
ordered and the opaque ViewState parameter. Changing that parameter at
random results in an error message, and the purchase is not processed.
The ViewState parameter is actually a Base64-encoded string that can be
easily decoded to see the price parameter that has been placed there:

3D FF 01 0F 0F 05 0B 2D 31 35 38 37 31 36 39 30 ; =ÿ.....-15871690
36 32 0F 16 02 1E 05 70 72 69 63 65 05 03 33 39 ; 62.....price..39
39 64 64 ; 9dd

--
Regards
Aditya Balapure

webDEViL

Feb 5, 2013, 8:28:21 AM2/5/13
to null-...@googlegroups.com
Viewstate is a serialized object which is base64 encoded.
So you have to do a little more than just base64 decode.

You can read more on this here (I googled this for you :-))
http://msdn.microsoft.com/en-us/magazine/cc188774.aspx

If you are looking for tools which can do this, Burp is one. Plus, I
am sure you'll find multiple online tools to do this for you, with
their source.
--
Regards,
webDEViL

http://twitter.com/w3bd3vil
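A minimal decoder for the format webDEViL describes, added here as an example (it is not from the thread, the book, or any of the tools mentioned): it Base64-decodes the parameter and walks the ObjectStateFormatter token stream, so the book's sample comes out as a Pair tree with "price" and "399" inside an ArrayList. Only the common tokens are handled; the token values are those of ASP.NET's ObjectStateFormatter, and any bytes left after the object tree are reported so an appended MAC is visible.

```python
import base64
from urllib.parse import unquote

# ObjectStateFormatter token bytes (subset) used by the LOS serialization the reply refers to
T_INT32, T_STRING, T_PAIR, T_TRIPLET, T_ARRAYLIST = 2, 5, 15, 16, 22
T_INDEXED_STRING_ADD, T_INDEXED_STRING = 30, 31
SIMPLE = {100: None, 101: "", 102: 0, 103: True, 104: False}  # Null, EmptyString, ZeroInt32, True, False

class LosReader:
    def __init__(self, data: bytes):
        self.data, self.pos, self.string_table = data, 0, []
    def byte(self) -> int:
        self.pos += 1
        return self.data[self.pos - 1]
    def varint(self) -> int:
        # BinaryReader.Read7BitEncodedInt: base-128, low 7 bits first, high bit = continue
        value = shift = 0
        while True:
            b = self.byte()
            value |= (b & 0x7F) << shift
            if not b & 0x80:
                return value
            shift += 7
    def string(self) -> str:
        n = self.varint()  # the 0x0B and 0x03 in the book's dump are these length prefixes
        s = self.data[self.pos:self.pos + n].decode("utf-8")
        self.pos += n
        return s
    def value(self):
        t = self.byte()
        if t in SIMPLE: return SIMPLE[t]
        if t == T_STRING: return self.string()
        if t == T_INDEXED_STRING_ADD:  # first occurrence of a table string (0x1E "price")
            self.string_table.append(self.string())
            return self.string_table[-1]
        if t == T_INDEXED_STRING: return self.string_table[self.byte()]
        if t == T_PAIR: return ("Pair", self.value(), self.value())
        if t == T_TRIPLET: return ("Triplet", self.value(), self.value(), self.value())
        if t == T_ARRAYLIST: return [self.value() for _ in range(self.varint())]
        if t == T_INT32: return self.varint()
        raise ValueError(f"unsupported token 0x{t:02X} at offset {self.pos - 1}")

def decode_viewstate(param: str):
    """Return (object tree, number of bytes left after it); leftover bytes mean a MAC is appended."""
    raw = base64.b64decode(unquote(param))
    if raw[:2] != b"\xff\x01":  # the 'FF 01' marker in the dump: LOS format, version 1
        raise ValueError("not an ObjectStateFormatter payload")
    reader = LosReader(raw[2:])
    return reader.value(), len(reader.data) - reader.pos
```

Running it on the book's `__VIEWSTATE` value returns `("Pair", ("Pair", "-1587169062", ("Pair", ["price", "399"], None)), None)` with zero leftover bytes, i.e. no MAC protecting the price.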

Akash

Feb 5, 2013, 10:44:28 AM2/5/13
to null-...@googlegroups.com
You might also want to try this tool.

http://ethicalhackingaspnet.codeplex.com/

Also another article to give you more detail

http://msdn.microsoft.com/en-us/library/ms972976.aspx#viewstate_topic11

Warm regards,
Akash Mahajan

That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager
