Home page logo

webappsec logo WebApp Sec mailing list archives

Re: URL Decryption
From: "Matt Fisher" <mattfisher () comcast net>
Date: Sat, 19 Jun 2004 13:29:06 -0400

AFAIK , both .net and 3.0 provide html and urlencode capabilities, but just
because its done in an .asp or .aspx doesn't mean it has to be done using
the ASP 3.0 or .Net object model; its trivial to find / buy a COM object
that provides hashing and encryption capabilities, and use its capabilities
within your page.

Dont rule out someone "trying their hand" at their own encryption (or at
least, obfuscation) either.

----- Original Message ----- 
From: "Shyam Manohar" <apptester2004 () yahoo com>
To: <webappsec () securityfocus com>
Sent: Friday, June 18, 2004 7:03 AM
Subject: URL Decryption

Hi List,
I would like to know if there is any functionality provided by ASP to
decrypt a URL within the web application?
Looks like the application itself is using some API to encrypt the URL
since there isn't any client side code that encrypts the URL.
In the HTML that is rendered, I have encountered something like this
<div id="accmenu" style="display: none; height: 15;">
<table style="font-weight: bold" border=0>
   <td width='0'></td>
   <td class='down'>

    target="vkgbody" >MenuItemName</a>


  By Date           By Thread  

Current thread:
  • URL Decryption Shyam Manohar (Jun 19)
    • Re: URL Decryption Matt Fisher (Jun 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]