|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Message-ID: <42831298.9090501@sigsegv.cx> Date: Thu, 12 May 2005 09:23:52 +0100 From: Anton Ivanov <arivanov@sigsegv.cx> MIME-Version: 1.0 To: Michal Zalewski <lcamtuf@gmail.com> Cc: bugtraq@securityfocus.com In-Reply-To: <1e89feb305050514177dcf0e27@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One more example. http://www.theregister.co.uk/2005/05/11/ms_gatekeeper_test_fiasco/ It looks like someone already used this to rig his scores in the Microsoft Security Professional competition. ROFL. A. Michal Zalewski wrote: | I would also like to point all concerned to an excellent post about | replay attacks on __VIEWSTATE; the post is by Scott Mitchell, the | guy who authored the MSDN article I initially referred to [1]: | | http://scottonwriting.net/sowblog/posts/3747.aspx | | His article is aimed at developers; Scott explains the issue I | reported in a way that makes it perhaps more clear why putting user | ID, session ID, or other similar data in __VIEWSTATE is not a | remedy by itself, and why reposting __VIEWSTATE is dangerous | despite target script location checks. | | [1] | http://msdn.microsoft.com/library/en-us/dnaspp/html/viewstate.asp | | Cheers, /mz | - -- La Châtelier's Law: ~ If some stress is brought to bear on a system in equilibrium, the equilibrium is displaced in the direction which tends to undo the effect of the stress. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCgxKX/NpXLt3l5xURAoCRAKCST0nfsIav2YahTueJdgyl1sjfIQCgwRhm L/0uD824ZveBMYbo9yi1ErI= =0rM6 -----END PGP SIGNATURE-----
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |