Dailydave mailing list archives
Re: ASP.Net viewstate
From: "Kartikeya Puri" <kartikeya.puri () gmail com>
Date: Tue, 12 Sep 2006 12:24:36 -0700
Quoting from MSDN: When the ASP.NET page framework creates a hash for view state data, it uses a MAC key that is either auto-generated or specified in the Machine.configfile. If the key is auto-generated, it is created based on the MAC address of the computer. The MAC address is the unique GUID value of the network adapter in the computer. So if I am in a LAN environment, it is possible for me to get the MAC on which the auto-generated key is based. Now this is while assuming that the key is auto generated which if i understand correctly is the default (putting a long key in Machine.config file is optional). Also Suppose if this is a Lan based application where one can control what will be the contents of the viewstate, i.e. the post variables can be controlled, wouldn't it be possible to get the hash (which is SHA-1) ? Just an idea ... Regards, Kartik On 9/12/06, ET LoWNOISE <et () grex cyberspace org> wrote:
http://msdn2.microsoft.com/en-us/library/ms178199.aspx
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ASP.Net viewstate Kartikeya Puri (Sep 12)
- Message not available
- Re: ASP.Net viewstate Kartikeya Puri (Sep 13)
- Message not available
- Re: ASP.Net viewstate dvorak (Sep 13)
- Message not available
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Jeremy Kelley (Sep 13)
- Re: [OFFLISTDailydave] ASP.Net viewstate Kartikeya Puri (Sep 13)