|
Title: [SOLVED] Dealing with VIEWSTATE and EVENTVALIDATION in ASP.NET Post by: ethicalhack3r on March 21, 2011, 10:40:03 AM Hi,
I am testing a ASP.NET application that uses viewstate and eventvalidation. I want to use a custom tool written in Ruby which uses the net/http library to authenticate to the application. This is what the tool is doing: 1. GET /login.aspx 2. POST /login.aspx 1) Get login.aspx and parse response. 2) Send post request to login.aspx with eventvalidation and viewstate from 1. The above results in an error. Is there something obvious I am missing here? Most black box web app scanners deal with the application fine. I just can't replicate a valid request on my own. I have tried URL encoding the viewstate and eventvalidation. Ensured that they are being sent correctly. Sending all cookies with 2 that 1 sets. Thanks in advance, Ryan Title: Re: Dealing with VIEWSTATE and EVENTVALIDATION in ASP.NET Post by: ethicalhack3r on March 21, 2011, 11:34:32 AM Problem solved!
VIEWSTATE and EVENTVALIDATION values need to be URL encoded. I thought I had done this before however I wasn't doing it properly.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |