Friday, 25 September 2009

ASP.NET: __VIEWSTATE Bug!

When you try this on a 2.0 website:


You will get something like this:

How can we exploit it? And what do we have to do to resolve this bug?

Any suggestions are welcome.


I found the solution: remove the "__VIEWSTATE" parameter from "Request.QueryString".

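    // at the top of the code-behind file:
    using System;
    using System.Reflection;

    // inside the Page class:
    protected override void OnInitComplete(EventArgs e)
    {
        if (Request.QueryString.ToString().Contains("__VIEWSTATE"))
        {
            // reflect to readonly property
            PropertyInfo isreadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);

            // make collection editable
            isreadonly.SetValue(this.Request.QueryString, false, null);

            // remove
            this.Request.QueryString.Remove("__VIEWSTATE");

            // make collection readonly again
            isreadonly.SetValue(this.Request.QueryString, true, null);
        }

        // keep the normal page lifecycle (raises the InitComplete event)
        base.OnInitComplete(e);
    }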



