[WEB SECURITY] Numeric SQL injection ASP.NET
ryandewhurst at gmail.com
Mon Apr 25 10:55:17 EDT 2011
Is the ViewState and EventValidation being URL encoded when being sent back
to the server?
What is the HTTP response you are getting?
projects www.dvwa.co.uk | www.webwordcount.com
On Mon, Apr 25, 2011 at 1:15 PM, Oussama Gabi <oussama.gabi at gmail.com>wrote:
> Hello guys,
> I am a beginner in web application Security, so I started to train on
> webgoat.i would like to make numeric SQL injection attack but in ASP.net.
> So I created a dropdownlist that retrieves the names of cities and a
> gridview for display!
> The problem is when I change the ID value with tamperdata, nothing happens.
> I look a bit and I think that's a problem with ViewState, so it's impossible
> to make this attack in ASP.net?
> how could circumvent this viewstate or Disenable it for testing. Or any
> Thank you !
> Best regards!
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity