Sunday, 27 September 2009

"Code Project Associate" Status @ Code Project


Now I'm "The Code Project Associate" @ THE CODE PROJECT. Thanks, all.

Code Project Member Types:

The Code Project Associate

Members who have their own websites with their high quality content and who choose to share their content with The Code Project community can be selected to be Code Project Associates.



Friday, 25 September 2009

ASP.NET: __VIEWSTATE Bug!

When you try this on an ASP.NET 2.0 website:

http://www.YouWebsite/default.aspx?__VIEWSTATE=COUCOU!

You will get something like this:



How can we exploit it, and what do we have to do to resolve this bug?

Any suggestions are welcome.


08/01/2010

I found the solution: remove the "__VIEWSTATE" parameter from "Request.QueryString".

// Requires: using System; using System.Reflection;
protected override void OnInitComplete(EventArgs e)
{
    base.OnInitComplete(e);

    if (Request.QueryString.ToString().Contains("__VIEWSTATE"))
    {
        // Get the non-public IsReadOnly property via reflection
        PropertyInfo isreadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);

        // Make the collection editable
        isreadonly.SetValue(this.Request.QueryString, false, null);

        // Remove the parameter
        this.Request.QueryString.Remove("__VIEWSTATE");

        // Make the collection read-only again
        isreadonly.SetValue(this.Request.QueryString, true, null);
    }
}
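
The same removal can be done once for the whole site without reflecting into a non-public property. The module below is an added example, not code from the original post; the class name StripViewStateQueryModule is hypothetical, and it assumes the module is registered in the site's web.config.

```csharp
using System;
using System.Collections.Specialized;
using System.Web;

// Hypothetical module name; strips "__VIEWSTATE" from the query string
// before any page sees the request.
public class StripViewStateQueryModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    public void Dispose()
    {
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Exact key lookup, so a value that merely contains the text
        // "__VIEWSTATE" does not trigger the rewrite.
        if (ctx.Request.QueryString["__VIEWSTATE"] == null)
        {
            return;
        }

        // ParseQueryString returns a writable copy whose ToString()
        // yields a URL-encoded query string.
        NameValueCollection qs = HttpUtility.ParseQueryString(ctx.Request.Url.Query);
        qs.Remove("__VIEWSTATE");

        // Re-issue the request internally with the cleaned query string;
        // Request.QueryString is rebuilt from the rewritten URL.
        ctx.RewritePath(ctx.Request.FilePath, ctx.Request.PathInfo, qs.ToString());
    }
}
```

Pages whose form uses method="get" carry their real view state in the query string, so this module (like the per-page override above) discards it for them.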
