WebApp Sec mailing list archives
Re: URL Decryption
From: "Matt Fisher" <mattfisher () comcast net>
Date: Sat, 19 Jun 2004 13:29:06 -0400
AFAIK , both .net and 3.0 provide html and urlencode capabilities, but just because its done in an .asp or .aspx doesn't mean it has to be done using the ASP 3.0 or .Net object model; its trivial to find / buy a COM object that provides hashing and encryption capabilities, and use its capabilities within your page. Dont rule out someone "trying their hand" at their own encryption (or at least, obfuscation) either. ----- Original Message ----- From: "Shyam Manohar" <apptester2004 () yahoo com> To: <webappsec () securityfocus com> Sent: Friday, June 18, 2004 7:03 AM Subject: URL Decryption
Hi List, I would like to know if there is any functionality provided by ASP to decrypt a URL within the web application? Looks like the application itself is using some API to encrypt the URL since there isn't any client side code that encrypts the URL. In the HTML that is rendered, I have encountered something like this <div id="accmenu" style="display: none; height: 15;"> <table style="font-weight: bold" border=0> <tr> <td width='0'></td> <td class='down'> <a
href='http://IPAddress:80/SRVR?&PARAM1=004Z45A4QR9j3/GgN8cnOoUifsLIrs4T8jy8/ vKAkY/iO14s/EBVb35m//7NnKSt1zfBjuDJ4XT4C&IWP2=005Z137A4QR/j3PXt00wpzsM1m3RCU uXVVP8gRPDZF51ti1yhPQmV7taN5EXDpp74V6SAQamCzk9oWXsE20sAOrI/e0jcULXTneYtlpzad QGyzCOHIchapRl87eAqyz0+QW0dgDbKbtBs/Fm2y5PmFGYWp6WxnOudV1O0PMQVM&U1=004Z1066 np3gzhNtT0dfI4P2vMUZNwmHQIEyLoAPslfwoM4cWnEock5k//sNc/ZsvzqEdvCZ/nX5/yJtwhEX IJTeYC+fql+JN89bIrhr5hbHiUMA0ZIlRu/9ebZnl/f/LZJiRjnN0L'
target="vkgbody" >MenuItemName</a> </td> Thanks Shyam
Current thread:
- URL Decryption Shyam Manohar (Jun 18)
- Re: URL Decryption Matt Fisher (Jun 19)