According to Microsoft Security Advisory , "Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server."
Please check the below links for more information about this.
1 ) Important: ASP.NET Security Vulnerability
2) Understanding the ASP.NET Vulnerability
3) ASP.NET POET Vulnerability - What Else Can I Do?
4) Oracle Padding Vulnerability in ASP.NET
Please check the below links for more information about this.
1 ) Important: ASP.NET Security Vulnerability
2) Understanding the ASP.NET Vulnerability
3) ASP.NET POET Vulnerability - What Else Can I Do?
4) Oracle Padding Vulnerability in ASP.NET
0 comments:
Post a Comment