1:38 PM @ Wednesday, April 7, 2010

Hacking an ASP.NET application through ViewState ???


At midday, with some free time, I opened up the IIS logs to have a look and happened to notice a chaotic stream of data being passed as ViewState to an ASP.NET application. I'm guessing this is someone trying their hand at hacking the application, but it's not yet clear what the result was. Until now I have never read anything about a successful hack of an ASP.NET application through ViewState, so I'm posting it here for anyone who wanders by to take a look (if anyone has related information, give me a shout).

Look at this log excerpt:

2010-04-04 13:25:51 GET /PortletBlank.aspx/F3F05BCB76974069BF8375CD88012BC9/View/OtherLanguage/E52A119B8EF9446A833EA8588A0C3F7A/PortletBlank.aspx desktop=Blank&portletId=F3F05BCB76974069BF8375CD88012BC9&action=View&catName=OtherLanguage&contId=E52A119B8EF9446A833EA8588A0C3F7A&page=7748&print=711652057-999-20081114-Gioi_thieu_COBOL%2450990%3f__VIEWSTATE%3ddDwxOTYzMjg4ODQwO3Q8O2w8aTwwPjs+O2w8dDxwPGw8dG9wTWFyZ2luO2JvdHRvbU1hcmdpbjtsZWZ0TWFyZ2luO3JpZ2h0TWFyZ2luO29ubG9hZDs+O2w8MDswOzA7MDtpbml0aWFsaXplVklFUG9ydGFsRGVza3RvcCgpXDs7Pj47bDxpPDM+Oz47bDx0PDtsPGk8MT47PjtsPHQ8O2w8aTwwPjs+O2w8dDw7bDxpPDE+Oz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwwPjs+O2w8dDw7bDxpPDE+O2k8Mz47aTw1Pjs+O2w8dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PDtsPGk8MD47PjtsPHQ8O2w8aTwxPjs+O2w8dDxwPGw8d2lkdGg7PjtsPDEwMCU7Pj47bDxpPDE+Oz47bDx0PDtsPGk8MD47PjtsPHQ8O2w8aTwwPjs+O2w8dDw7bDxpPDA+O2k8ND47aTw2Pjs+O2w8dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+O2w8aTwxPjtpPDM+Oz47bDx0PHQ8O3A8bDxpPDA+O2k8MT47aTwyPjtpPDM+O2k8ND47PjtsPHA8MSAtIEvDqW07MT47cDwyIC0gVOG6oW0gxJHGsOG7o2M7Mj47cDwzIC0gS2jDoTszPjtwPDQgLSBU4buRdDs0PjtwPDUgLSBS4bqldCB04buRdDs1Pjs+Pjs+Ozs+O3Q8cDxwPGw8VGV4dDs+O2w8IENo4buNbiA7Pj47Pjs7Pjs+Pjt0PHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+O2w8aTw2PjtpPDc+Oz47bDx0PDtsPGk8MT47PjtsPHQ8O2w8aTwyPjs+O2w8dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjs+Pjs+Pjt0PHA8cDxsPFRleHQ7PjtsPCBH4butaSA7Pj47cDxsPG9uY2xpY2s7PjtsPGlmKCFfX2FydGljbGVSZXZpZXdDb250ZW50SXNPaygpKSByZXR1cm4gZmFsc2VcOzs+Pj47Oz47Pj47Pj47Pj47Pj47Pj47Pj47Pj47dDxwPGw8VmlzaWJsZTs+O2w8bzxmPjs+Pjs7Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+yjw6zBjMg2ZDpdX+CBOnssZAYxc%3d&___popCalendarOutput=%3f__VIEWSTATE%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%3d%2c?__VIEWSTATE=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&___popCalendarOutput=
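
A triage sketch for log lines like the one above, added here as an example and not part of the original post: it finds every __VIEWSTATE value in a logged query string, including ones nested inside another parameter as in the print= value, and decodes them for inspection. The function names, the text-format check (ASP.NET 1.x style) and the 20-byte tail heuristic are assumptions, and the sample ViewState is constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote

VIEWSTATE_RE = re.compile(r"__VIEWSTATE=([A-Za-z0-9+/]+={0,2})")
# Assumption: ASP.NET 1.x text serialisation, whose payload opens with a
# triplet/pair/list marker such as "t<" once the base64 layer is removed.
TEXT_MARKERS = (b"t<", b"p<", b"l<")

def scan_query(query):
    """Report every __VIEWSTATE value in a logged query string, including
    ones nested inside another parameter's URL-encoded value."""
    findings = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        # unquote(), not unquote_plus(): '+' is a base64 character here.
        decoded = name + "=" + unquote(value)
        for m in VIEWSTATE_RE.finditer(decoded):
            item = {"param": name, "nested": m.start() > 0, "b64_len": len(m.group(1))}
            try:
                raw = base64.b64decode(m.group(1), validate=True)
            except binascii.Error:
                item["format"] = "undecodable"  # truncated or altered base64
            else:
                text = raw.startswith(TEXT_MARKERS)
                item["format"] = "aspnet1-text" if text else "unknown"
                # Readable tokens (property names, script) help triage the blob.
                item["tokens"] = [t.decode() for t in re.findall(rb"[A-Za-z_]{4,}", raw)]
                # Bytes after the final '>': 20 is consistent with a SHA-1 MAC (heuristic).
                item["tail_bytes"] = len(raw) - raw.rfind(b">") - 1 if text else None
            findings.append(item)
    return findings

def sample_query():
    """Constructed sample with the same shape as the logged request."""
    state = b"t<1;t<;l<i<0>;>;l<t<p<l<Visible;>;l<o<f>;>>;;>;>>;>" + bytes(range(1, 21))
    b64 = base64.b64encode(state).decode()
    nested = "%3f__VIEWSTATE%3d" + b64.replace("=", "%3d")
    return "desktop=Blank&action=View&print=711652057-999" + nested + "&__VIEWSTATE=" + b64

if __name__ == "__main__":
    for finding in scan_query(sample_query()):
        print(finding)
```
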