Hello guys,
I am a beginner in web application Security, so I started to train on
webgoat.i would like to make numeric SQL injection attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities and a
gridview for display!
The problem is when I change the ID value with tamperdata, nothing happens.
I look a bit and I think that's a problem with ViewState, so it's impossible
to make this attack in ASP.net?
how could circumvent this viewstate or Disenable it for testing. Or any
hint!
Thank you !
Best regards!
Is the ViewState and EventValidation being URL encoded when being sent back
to the server?
What is the HTTP response you are getting?
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r
On Mon, Apr 25, 2011 at 1:15 PM, Oussama Gabi oussama.gabi@gmail.comwrote:
Hello guys,
I am a beginner in web application Security, so I started to train on
webgoat.i would like to make numeric SQL injection attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities and a
gridview for display!
The problem is when I change the ID value with tamperdata, nothing happens.
I look a bit and I think that's a problem with ViewState, so it's impossible
to make this attack in ASP.net?
how could circumvent this viewstate or Disenable it for testing. Or any
hint!
Thank you !
Best regards!
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Yes, i've disabled the enableValidation, for the ViewState i added
EnableViewState=flase in the dropdownList without any result.
The server response:
Status=OK - 200
Server=ASP.NET Development Server/10.0.0.0
Date=Mon, 25 Apr 2011 16:22:39 GMT
X-AspNet-Version=2.0.50727
Cache-Control=private
Content-Type=text/html; charset=utf-8
Content-Length=1331
Connection=Close
Thank you very much
2011/4/25 Ryan Dewhurst ryandewhurst@gmail.com
Is the ViewState and EventValidation being URL encoded when being sent back
to the server?
What is the HTTP response you are getting?
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r
On Mon, Apr 25, 2011 at 1:15 PM, Oussama Gabi oussama.gabi@gmail.comwrote:
Hello guys,
I am a beginner in web application Security, so I started to train on
webgoat.i would like to make numeric SQL injection attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities and a
gridview for display!
The problem is when I change the ID value with tamperdata, nothing
happens. I look a bit and I think that's a problem with ViewState, so it's
impossible to make this attack in ASP.net?
how could circumvent this viewstate or Disenable it for testing. Or any
hint!
Thank you !
Best regards!
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Hi
Sharing the code could be a good idea. Maybe put it up on github or
something.
Best regards,
Erlend
On 25.04.2011 17:38, Oussama Gabi wrote:
Yes, i've disabled the enableValidation, for the ViewState i added
EnableViewState=flase in the dropdownList without any result.
The server response:
Status=OK - 200
Server=ASP.NET http://ASP.NET Development Server/10.0.0.0
http://10.0.0.0
Date=Mon, 25 Apr 2011 16:22:39 GMT
X-AspNet-Version=2.0.50727
Cache-Control=private
Content-Type=text/html; charset=utf-8
Content-Length=1331
Connection=Close
Thank you very much
2011/4/25 Ryan Dewhurst <ryandewhurst@gmail.com
mailto:ryandewhurst@gmail.com>
Is the ViewState and EventValidation being URL encoded when being
sent back to the server?
What is the HTTP response you are getting?
Ryan Dewhurst
blog www.ethicalhack3r.co.uk <http://www.ethicalhack3r.co.uk>
projects www.dvwa.co.uk <http://www.dvwa.co.uk> |
www.webwordcount.com <http://www.webwordcount.com>
twitter www.twitter.com/ethicalhack3r
<http://www.twitter.com/ethicalhack3r>
On Mon, Apr 25, 2011 at 1:15 PM, Oussama Gabi
<oussama.gabi@gmail.com <mailto:oussama.gabi@gmail.com>> wrote:
Hello guys,
I am a beginner in web application Security, so I started to
train on webgoat.i would like to make numeric SQL injection
attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities
and a gridview for display!
The problem is when I change the ID value with tamperdata,
nothing happens. I look a bit and I think that's a problem
with ViewState, so it's impossible to make this attack in ASP.net?
how could circumvent this viewstate or Disenable it for
testing. Or any hint!
Thank you !
Best regards!
_______________________________________________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
<mailto:websecurity@lists.webappsec.org>
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Try https://gist.github.com/ . Nice place for sharing (public) code.
--
David Rajchenbach-Teller
CSO, MLstate
On Apr 25, 2011, at 6:55 PM, Erlend Oftedal wrote:
Hi
Sharing the code could be a good idea. Maybe put it up on github or something.
Best regards,
Erlend
Hello guys,
For testing I put the enableViewStateMac to false, now there is no hash at
the end of the ViewState. Then I intercept the request with BurpProxy.
The ViewState code is
%2FwEPDwUKMTAxMTc1NDMyNA9kFgICAw9kFgICAQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQNOb20eDkRhdGFWYWx1ZUZpZWxkBQhJZF9WaWxsZR4LXyFEYXRhQm91bmRnZBAVBgpDYXNhYmxhbmNhBVJhYmF0BFNhZmkGVGFuZ2VyBkFnYWRpcgVTYWZpZRUGAzIwMAMyMDEDMjAyAzIwMwMyMDQDMjAyFCsDBmdnZ2dnZ2RkGAEFCUdyaWRWaWV3MQ88KwAKAQgCAWQ%3D
I get something like that when i decode it :
ÿ
1011754324dd
DataTextFieldNomDataValueFieldId_Ville_!DataBoundgd
CasablancaRabatSafiTangerAgadirSafie200201202203204202+ggggggdd
GridView1<+�
d
my goal is to add or 1=1 to display all the cities with tamperature .
So i add it after the value selected in the dropdownlist e.g 201, it will be
201 or 1=1
i encode the all to base64.
but i got an error session information is not valid....
i've tried to change the centent-length in vain..
I know it's stupid, but i wanna make this exemple..
this is my Code https://gist.github.com/943987
do you have any ideas please?
Thank you
Best regards
Oussama GABI
2011/4/25 Erlend Oftedal erlend@oftedal.no
Hi
Sharing the code could be a good idea. Maybe put it up on github or
something.
Best regards,
Erlend
On 25.04.2011 17:38, Oussama Gabi wrote:
Yes, i've disabled the enableValidation, for the ViewState i added
EnableViewState=flase in the dropdownList without any result.
The server response:
Status=OK - 200
Server=ASP.NET Development Server/10.0.0.0
Date=Mon, 25 Apr 2011 16:22:39 GMT
X-AspNet-Version=2.0.50727
Cache-Control=private
Content-Type=text/html; charset=utf-8
Content-Length=1331
Connection=Close
Thank you very much
2011/4/25 Ryan Dewhurst ryandewhurst@gmail.com
Is the ViewState and EventValidation being URL encoded when being sent
back to the server?
What is the HTTP response you are getting?
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r
On Mon, Apr 25, 2011 at 1:15 PM, Oussama Gabi oussama.gabi@gmail.comwrote:
Hello guys,
I am a beginner in web application Security, so I started to train on
webgoat.i would like to make numeric SQL injection attack but in ASP.net.
So I created a dropdownlist that retrieves the names of cities and a
gridview for display!
The problem is when I change the ID value with tamperdata, nothing
happens. I look a bit and I think that's a problem with ViewState, so it's
impossible to make this attack in ASP.net?
how could circumvent this viewstate or Disenable it for testing. Or any
hint!
Thank you !
Best regards!
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feedhttp://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitterhttp://twitter.com/wascupdates
websecurity@lists.webappsec.orghttp://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org