.Net Havoc. Abusing ASP.net Mechanics & Overriding Properties of Server-Side Web Controls. S hay Chen, CTO @ sectooladdict Hacktics ASC, Ernst & Young September 12 th , 2013. About. Formerly a boutique company that provided information security services since 2004.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Abusing ASP.net Mechanics &
Overriding Properties of Server-Side WebControls
Shay Chen, CTO
HackticsASC, Ernst & Young
September 12th, 2013
Server Control Invisibility Purge
Altering Server Side Properties
Inject / Override the GridViewsqlDataSource and key fields
Executing Application Attacks via Viewstate
Executing Events of Invisible Controls
EventValidation and Viewstate MAC
Preventing Event Execution & Property Override
Shay Chen (@sectooladdict)
Alex Mor (@nashcontrol)