
Hacking an ASP.NET application through ViewState ???


At midday, with nothing much to do, I opened up a few IIS logs to have a look and suddenly noticed a request passing a mess of data to ViewState in an ASP.NET application. My guess is that some guy was taking his first stab at hacking the application, but I don't yet know how it turned out. Until now I have never read anything about successfully hacking an ASP.NET application through ViewState, so I'm posting it here for anyone who wanders by to take a look (if anyone has related information, give me a shout).

Take a look at this log excerpt:

2010-04-04 13:25:51 GET /PortletBlank.aspx/F3F05BCB76974069BF8375CD88012BC9/View/OtherLanguage/E52A119B8EF9446A833EA8588A0C3F7A/PortletBlank.aspx desktop=Blank&portletId=F3F05BCB76974069BF8375CD88012BC9&action=View&catName=OtherLanguage&contId=E52A119B8EF9446A833EA8588A0C3F7A&page=7748&print=711652057-999-20081114-Gioi_thieu_COBOL%2450990%3f__VIEWSTATE%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%3d&___popCalendarOutput=%3f__VIEWSTATE%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%3d%2c?__VIEWSTATE=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&___popCalendarOutput=
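
An added example, not part of the original post: a small Python scan that flags GET requests whose query string carries __VIEWSTATE, including copies percent-encoded inside another parameter's value as in the log line above. It assumes the field order date, time, method, URI stem, URI query seen in that line; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

MARKER = re.compile(r"__VIEWSTATE", re.I)
# Marker preceded by an encoded '?' or '&': hidden inside another parameter's value.
NESTED = re.compile(r"%(?:25)*(?:3f|26)__VIEWSTATE", re.I)

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double encoding is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect(line):
    """Return a finding dict for a GET request carrying __VIEWSTATE, else None."""
    if line.startswith("#"):          # W3C directive lines (#Fields:, #Date:, ...)
        return None
    fields = line.split()
    if len(fields) < 5:
        return None
    date, time, method, stem, query = fields[:5]
    if method.upper() != "GET":
        return None
    hits = MARKER.findall(decode_fully(query))
    if not hits:
        return None
    return {
        "when": f"{date} {time}",
        "path": stem,
        "occurrences": len(hits),
        "nested_in_value": bool(NESTED.search(query)),
    }

# Constructed sample lines; "AAAA" stands in for a real ViewState value.
SAMPLE = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query",
    "2010-04-04 13:25:51 GET /PortletBlank.aspx desktop=Blank&print=711652057%3f__VIEWSTATE%3dAAAA&___popCalendarOutput=%3f__VIEWSTATE%3dAAAA",
    "2010-04-04 13:26:02 GET /PortletBlank.aspx desktop=Blank&page=2",
    "2010-04-04 13:26:10 POST /PortletBlank.aspx desktop=Blank",
    "2010-04-04 13:27:00 GET /Default.aspx __VIEWSTATE=AAAA",
]

def scan(lines):
    """Run inspect() over log lines and keep only the findings."""
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Web Forms pages usually send __VIEWSTATE as a hidden field in a POST body, so a finding here is a prompt to review the request, not proof of compromise.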