Microsoft's Recommendation on View State Mac

By YGN Ethical Hacker Group -
Advisory

Trustwave's SpiderLabs Security Advisory TWSL2010-001:
Multiplatform View State Tampering Vulnerabilities
Published: 2010-02-08 Version: 1.1
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt
 
 
Analysis
 
Wrong or inadequate recommendations from Vendor can play a vital role in its customers who might always stay compliance with vendor' documentation and recommendation.
Researchers from SpiderLabs pointed out: 
 
"A vulnerability was alluded to in a 2004 Microsoft article on
troubleshooting view state problems [1]. However, other
Microsoft documents recommend disabling view state signing
"if performance is a key consideration," [2, 3, 4] or for
various other reasons [5, 6]. 
Realistically, unsigned view states should never be used in a production environment."
  












































Comments











Post a Comment























Popular posts from this blog









Bypassing referrer check with no script involved







By


YGN Ethical Hacker Group



-















 No more to use scripting approach like https://github.com/knu/noreferrer   This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header:   <meta name="referrer" content="no-referrer">   https://caniuse.com/#feat=referrer-policy   








Read more










Jumping out of Touch Screen Kiosks







By


YGN Ethical Hacker Group



-














Image







 Background:   Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.     Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs.   Weakness: Jumping out  We cannot use  iKat  at first as we do not have access to any keyboard facility.  However, the trick is no-brainer.   Do long press on any locations and relieve.   You should see the usual Flash context menu like:  Touch "Global Settings".   A web browser window will pop up and redirect to the Adobe ...








Read more