Vigil@nce: Microsoft ASP.NET, Cross Site Scripting via ViewState
February 2010 by Vigil@nce
When the ViewState is not signed by Microsoft ASP.NET, an attacker can generate a Cross Site Scripting.
Consequences: client access/rights
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/02/2010
Microsoft .NET Framework
DESCRIPTION OF THE VULNERABILITY
An ASP page can use a hidden variable named __VIEWSTATE, containing the state of a form, encoded in base64.
When the ViewState is not signed by Microsoft ASP.NET, an attacker can therefore generate a Cross Site Scripting.
Identifiers: TWSL2010-001, VIGILANCE-VUL-9439
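An added example, not part of the Vigil@nce bulletin: a Python audit that reports where ViewState signing is switched off in an application's files. It assumes the standard ASP.NET `enableViewStateMac` attribute on `<pages>` in web.config and `EnableViewStateMac` on the `@ Page` directive; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches an @ Page directive that turns the ViewState MAC off for one page.
PAGE_MAC_OFF = re.compile(
    r'<%@\s*Page\b[^%]*?\bEnableViewStateMac\s*=\s*"\s*false\s*"', re.I)

def _walk(el, scope, out):
    name = el.tag.rsplit("}", 1)[-1]          # drop an xmlns prefix if present
    if name == "location":                     # per-path override block
        scope = "location path=%r" % el.get("path", "")
    elif name == "pages":
        if el.get("enableViewStateMac", "").strip().lower() == "false":
            out.append(scope)
    for child in el:
        _walk(child, scope, out)

def audit_web_config(xml_text):
    """Return the scopes in a web.config where ViewState signing is disabled."""
    out = []
    _walk(ET.fromstring(xml_text.strip()), "site-wide", out)
    return out

def audit_aspx(text):
    """Return line numbers of @ Page directives that disable ViewState signing."""
    return [text.count("\n", 0, m.start()) + 1
            for m in PAGE_MAC_OFF.finditer(text)]

# Constructed sample inputs (not taken from any real application).
SAMPLE_WEB_CONFIG = """
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <pages enableViewStateMac="true" />
  </system.web>
  <location path="legacy">
    <system.web><pages enableViewStateMac="false" /></system.web>
  </location>
</configuration>
"""
SAMPLE_ASPX = ('<%-- search form --%>\n'
               '<%@ Page Language="C#"\n'
               '    EnableViewStateMac="false" %>\n'
               '<form runat="server"></form>\n')

if __name__ == "__main__":
    print("web.config:", audit_web_config(SAMPLE_WEB_CONFIG))
    print(".aspx lines:", audit_aspx(SAMPLE_ASPX))
```

Any scope or page it reports should have the attribute removed or set to `true` so that the framework signs and verifies `__VIEWSTATE` again.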