[WEB SECURITY] Numeric SQL injection ASP.NET

Oussama Gabi oussama.gabi at gmail.com
Mon Apr 25 08:15:57 EDT 2011


Hello guys,

I am a beginner in web application Security, so I started to train on
webgoat.i would like to make numeric SQL injection attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities and a
gridview for display!
The problem is when I change the ID value with tamperdata, nothing happens.
I look a bit and I think that's a problem with ViewState, so it's impossible
to make this attack in ASP.net?
how could circumvent this viewstate or  Disenable it for testing. Or any
hint!

Thank you !


Best regards!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110425/81c509d2/attachment-0003.html>


More information about the websecurity mailing list