Dailydave mailing list archives
Re: XSS in viewstate
From: Nicolas RUFF <nruff () security-labs org>
Date: Sat, 20 Feb 2010 21:27:41 +0100
Microsoft doesn't fully document the view state format, but it isn't too hard to discover using tools like .Net Reflector (http://reflector.red-gate.com). There are several tools that will decode the view state; my favorite is ViewStateHacker (http://www.woany.co.uk/viewstatehacker/).
Hello,
I already had a look at that in the past, and it appears that ViewState
data is encoded using System.Web.UI.LosFormatter (LOS meaning Limited
Object Serialization).
Everything can be found in System.Web.dll (from the .NET Framework). It
might even be available in the source
(http://referencesource.microsoft.com/netframework.aspx).
There is at least one Open Source project that began to reimplement the
serialization logic (but it seems pretty dead right now):
http://sourceforge.net/projects/viewstate/
From what I remember, that serialization protocol was a real mess. I
guess all "ViewState hacking" tools out there are simple wrappers of System.Web.UI.LosFormatter. Regards, - Nicolas RUFF _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- XSS in viewstate dave (Feb 19)
- Re: XSS in viewstate Chris Weber (Feb 19)
- Re: XSS in viewstate dave (Feb 19)
- Re: XSS in viewstate David Byrne (Feb 19)
- Re: XSS in viewstate dave (Feb 19)
- Re: XSS in viewstate Raw Data (Feb 19)
- Re: XSS in viewstate David Byrne (Feb 19)
- Re: XSS in viewstate I)ruid (Mar 21)
- Re: XSS in viewstate David Byrne (Feb 19)
- Re: XSS in viewstate David Byrne (Feb 19)
- Re: XSS in viewstate Nicolas RUFF (Feb 21)
- Re: XSS in viewstate Chris Weber (Feb 19)